The company behind ultra fast fashion brands Shein and Romwe will pay New York state over a data hack. The company failed to secure customers' data, didn't properly inform customers of a data leak, and tried to keep the leak quiet.
The Office of the Attorney General investigated a hack in which credit card and personal information was stolen. More than one million accounts belonging to New Yorkers were affected by the data hack.
The passwords were reset more than a year after they were hacked.
The company did not reset passwords for any of the accounts after learning of the hack. Users of Shein accounts were not told that their information had been exposed. The company is accused of misrepresenting the number of customers whose data was stolen and of having no proof that credit card information was stolen.
Two years later, Romwe customers were notified of a data hack after a dark web discovery. The investigation found that after not changing their passwords for a year, customers were told their passwords expired. It replaced the message with one saying, "We detected suspicious activity, please verify your identity in order to restore your account."
The investigation found that the company failed to maintain reasonable security measures at the time of the hack, including failing to monitor for security issues or have a comprehensive plan in place in case of a cyberattack.
The website is popular with young people around the world because it has a constant supply of clothing and accessories. Shein was worth over 100 billion this year.
All Rights Reserved © 2024
