In the wake of a June 2018 breach in which more than 46 million shopper records were compromised, the New York Attorney General's Office fined Zoetop Business Company $1.9 million. Zoetop's operation includes fast-fashion brands Shein and Romwe.
Attorney General Letitia James said in a statement that Zoetop not only failed to protect customer data, but also lied about the scope of the breach, which ultimately affected 39 million Shein accounts and 7 million Romwe accounts. Of those victims, James' office estimates 800,000 are New York residents.
“Shein and Romwe's weak digital security measures made it easy for hackers to shoplift consumers’ personal data,” James said about the Zoetop fine. "Shein and Romwe must button up their cybersecurity measures to protect consumers from fraud and identity theft. This agreement should send a clear warning to companies that they must strengthen their digital security measures and be transparent with consumers; anything less will not be tolerated.”