Sponsored By

Fast Fashion Retailer Data Breach Draws $1.9M Fine

New York AG fines Shein and Romwe parent company for failure to protect customer data and downplaying the 2018 compromise of 46 million shopper records.

Dark Reading Staff

October 14, 2022

1 Min Read
A mobile screen showing the top of the e-commerce website for Shein
Source: Dzmitry Kliapitski via Alamy

In the wake of a June 2018 breach in which more than 46 million shopper records were compromised, the New York Attorney General's Office fined Zoetop Business Company $1.9 million. Zoetop's operation includes fast-fashion brands Shein and Romwe. 

Attorney General Letitia James said in a statement that Zoetop not only failed to protect customer data, but also lied about the scope of the breach, which ultimately affected 39 million Shein accounts and 7 million Romwe accounts. Of those victims, James' office estimates 800,000 are New York residents. 

“Shein and Romwe's weak digital security measures made it easy for hackers to shoplift consumers’ personal data,” James said about the Zoetop fine. "Shein and Romwe must button up their cybersecurity measures to protect consumers from fraud and identity theft. This agreement should send a clear warning to companies that they must strengthen their digital security measures and be transparent with consumers; anything less will not be tolerated.”

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights