The owner of a fashion brand from China has been ordered to pay $1.9 million to New York for a data breach that affected millions of customers.

On Thursday, October 13, New York Attorney General Letitia James announced that Zoetop Business Company, Ltd., the parent company of Chinese fast fashion platforms Shein (Xiyin) and Romwe, reached an agreement to pay New York a $1.9 million fine. The fine was imposed because Zoetop did not correctly handle the personal information of tens of millions of consumers around the world.

Specifically, the company did not correctly handle a 2018 data breach, leading to the personal information of 39 million Shein accounts and 7 million Romwe accounts being compromised. 

The investigation concluded that Zoetop had failed to adequately protect consumer information in the past and had not taken appropriate steps to track down the data breach.

Hackers successfully stole credit cards and personal information, including names, email addresses, and account passwords of Shein customers. Among them are accounts of more than 800,000 New Yorkers.

Zoetop contacted only a fraction of Shein’s 39 million accounts, and most affected consumers were unaware that their information had been compromised. Moreover, the company did not even protect any stolen accounts with password resets or otherwise.

In addition, the New York attorney general’s office said the public statement issued by Zoetop describing the size and scope of the breach was inconsistent with reality. For example, Zoetop falsely claimed that only 6.42 million consumers were affected and that the company was notifying all affected customers. Zoetop also claimed it had not seen evidence that consumer credit card information accessed from its system was stolen.

James said, “Shein and Romwe’s weak digital security measures made it easy for hackers to shoplift consumers’ data. Then, Zoetop tried to cover it up. Shein and Romwe must button up their cybersecurity measures to protect consumers from fraud and identity theft.”

Shein and Romwe are famous e-commerce platforms that millennials and Gen Zs use worldwide. According to Shein, their business has spread to more than 220 countries and regions. A Bloomberg report in April suggested that Shein could be valued at as much as $100 billion.


According to VOA Chinese, in addition to the data breach, Shein also has other disputes, such as stealing ideas and worker exploitation. Furthermore, a 2021 survey by CBC News found that some products sold on the platform had excess lead content, including children’s jackets and mini wallets.
