Home Science & Technology Shein Holding fined $1.9 million for failing to disclose data breach

Shein Holding fined $1.9 million for failing to disclose data breach


Zoetop, the holding company behind retail giant Romwe and Shein, has been fined $1.9 million for failing to properly inform customers about a data breach that reportedly affected millions of users.

According to A notification The New York attorney general’s office this week accused Zoetop of failing to protect customer data, failing to adequately inform its customers and attempting to gloss over the real impact of the breach in 2018.

A 2018 hack led to the theft of credit cards and personal information, including names, email addresses and hashed passwords. The data breach reportedly affected 39 million Shein accounts and seven million Romwe accounts, more than 800,000 of which belonged to New Yorkers.

“Shane and Romwe’s lax digital security measures made it easy for hackers to steal consumers’ personal data in stores,” said New York Attorney General Letitia James.

“[They] must strengthen their cybersecurity measures to protect consumers from fraud and identity theft. This agreement should send a clear warning to companies that they need to strengthen their digital security measures and be transparent with consumers; nothing less will be tolerated.”

More generally, the risks associated with an organization not disclosing information about a breach are significant, according to Patrick Ragg, Cyber ​​Incident Response Manager Integrity360.

Talking to Information securitythe manager said that the first type of risk is financial.

“Not only will the organization suffer from operational issues (service disruptions) and therefore lost revenue, but if they do not disclose a breach to an ICO like this (especially if customer data is stolen), the fines often increase exponentially. than the actor threatens to redeem himself,” Reg explained.

In addition, companies can suffer reputational and credibility risks if they neglect to disclose information about a data breach.

“If customers find out that their data has been stolen and the company has tried to hide that fact, they will be much less likely to use that company in the future because of trust,” Regg said.

“Companies/partners will [also] are less likely to do business with a company that willfully failed to disclose a breach because they don’t want to fall into the ‘black hole’ of negative perception.”

Zoetop news comes after a data breach duo in Australia, which affected subsidiaries of telecommunications giant Singtel.

Previous articleMonth 1 with My Bolt EUV
Next article60 and 30 day notice of release letter and template