SHEIN fined US$1.9mn over data breach affecting 39 million customers

The data breach saw customer payment details posted on the dark web


Zoetop Business Company, the firm which owns fast fashion brands SHEIN and ROMWE, has been fined US$1.9mn by the state of New York after failing to disclose a data breach which affected 39 million customers.

The cyber security incident, which took place in July 2018, saw a malicious third party gain unauthorized access to SHEIN’s payment systems. According to a statement issued by the state of New York’s Attorney General’s office, SHEIN’s payment processor contacted the brand and disclosed that it had been “contacted by a large credit card network and a credit card issuing bank, each of which had information indicating that [Zoetop’s] system[s] have been infiltrated and card data stolen”.

This discovery was made after the credit card network found SHEIN customers’ payment details for sale on a hacking forum. Separate to this issue, the issuing bank for the cards had issued a fraud alert after linking fraud for several customers to payments made to SHEIN.

Following the discovery of the cyber-attack, the payment processor informed SHEIN that they must employ a cyber security forensic investigator to look into the case. The firm employed by Zoetop found that during the cyber-attack malicious actors had gained access to SHEIN’s internal systems and had accessed personal and identifying information for 39 million customers. 

The data accessed included “names, city/province information, email addresses and hashed account passwords”. However, the method used to obscure the passwords was vulnerable to hacking, allowing the malicious actors access to customers’ full password details.

Additionally, the login credentials of nearly 7.3 million ROMWE accounts were stolen in the breach and were later found for sale on the dark web in 2020.

An investigation by the New York Attorney General’s (AG) office found that Zoetop did not force any of the 39 million people affected to reset their account passwords. Instead, Zoetop identified 6.4 million customers of the 39 million affected who had previously placed an order with SHEIN and contacted them directly, suggesting they reset their password. Zoetop reset the passwords for the accounts affected by the ROMWE attack without informing the account holders that they had been exposed in a data breach.

The New York AG also reported that a press release regarding the 2018 breach, issued on a FAQ section of the SHEIN website, contained misleading data. This included claims that only 6.4 million customers were affected in the breach and that there was “no evidence that [customer] credit card information was taken from [its] systems”, despite the company having previously been informed that credit card data had been stolen in the breach.

The investigation discovered that Zoetop “did not provide the firm access to the compromised systems and a variety of information about [its] data security program”, “failed to adhere to PCI DSS requirements for protecting stored credit card data” and “did not use file integrity monitoring, monitor or analyze log files, retain an audit trail history, or perform quarterly network vulnerability scans”.  

