Commerce

Shein owner fined $1.9M for failing to notify 39M users of data breach

Comment

A data breach from 2018 is putting Shein under the spotlight as the ultra-fast fashion e-commerce platform continues to conquer Gen Z markets across the world.

Zoetop, the firm that owns Shein and its sister brand Romwe, has been fined $1.9 million by New York for failing to properly handle a security incident, according to a notice from the state’s attorney general office this week. New York doesn’t publicly release data breach notifications like Maine, New Hampshire, California or other states, which is why the notice came so much later than when the cyberattack happened.

Shein, which was founded in China and recently moved its core assets to Singapore, saw explosive growth during the pandemic as the virus prevention pushed consumers to shop online. Its jaw-dropping affordability and vast clothing options have made it one of the fastest-growing consumer internet platforms worldwide in the past two years.

The firm’s meteoric rise puts the once low-key fashion exporter from China on the spot. It went from having no dedicated PR personnel just a few years ago to now scrambling to handle mounting media inquiries about supply chain transparency and alleged design theft as it further grows and gears up for an IPO.

The data breach brings it yet another PR problem. The company claims it’s significantly stepped up its security measures since.

“We have fully cooperated with the New York Attorney General and are pleased to have resolved this matter. Protecting our customers’ data and maintaining their trust is a top priority, especially with ongoing cyber threats posed to businesses around the world. Since the data breach, which occurred in 2018, we have taken significant steps to further strengthen our cybersecurity posture and we remain vigilant,” Shein says in a statement.

What happened?

A cybersecurity attack that originated in 2018 resulted in the theft of 39 million Shein account credentials, including those of more than 375,000 New York residents, according to the AG’s announcement. An investigation by the AG’s office found that Zoetop only contacted “a fraction” of the 39 million compromised accounts, and for the vast majority of the users impacted, the firm failed to even alert them that their login credentials had been stolen.

The AG’s office also concluded that Zoetop’s public statements about the data breach were misleading. In one instance, the firm falsely stated that only 6.42 million consumers had been impacted and that it was in the process of informing all the impacted users.

A lot has changed since 2018. Shein has risen from an up-and-coming online fast fashion seller at the time to an all-encompassing e-commerce platform that is threatening Amazon. In the second quarter of this year, the app’s U.S. downloads surpassed Amazon’s for the first time. The data breach might be dated, but keep in mind that Shein has been operating since 2008, so four years is quite recent in the firm’s history of existence. Cost-saving, trend-seeking Gen Z consumers might continue to shop on Shein despite its publicity issues, but to win the trust of regulators and the general public, there’s still much to be done.

More TechCrunch

If you spend time on X or Threads, where snarky memes rise and fall, you’ve probably seen posts referencing “founder mode” over the last few days, like this: https://www.threads.net/@carnage4life/post/C_eaQAxyIcV Or…

Those ‘Founder mode’ memes keep coming

These final maneuvers will bring to a close a troubled first crewed mission for the Boeing-made Starliner.

Boeing and NASA prepare to bring Starliner home without its crew on Friday

As Meta tries to rekindle the flame between Facebook and socially anxious youths, the company released a blog post Wednesday titled, “Navigating your 20s with Facebook.”

Facebook says, ‘How do you do, fellow kids?’

Cowboy has closed funding of around $5.5 million. With this recent funding round, Cowboy is now valued at €40 million on a pre-money basis.

E-bike maker Cowboy raises a small funding round as it targets profitability next year

HR and payroll software company Paylocity has agreed to acquire corporate spend startup Airbase for $325 million, the companies announced Wednesday. The deal is subject to regulatory approval and is…

Paylocity is acquiring corporate spend startup Airbase for $325M

A long-running lawsuit over the Internet Archive’s “emergency” e-book lending practices during the COVID-19 pandemic has ended in a loss for the website and a victory for publishers. The lawsuit…

Publishers prevail in lawsuit over Internet Archive’s ’emergency’ e-book lending

Ryan Breslow’s plan to get himself reinstalled as CEO of fintech company Bolt — and push through a $450 million fundraising deal that would value the startup at a staggering $14 billion…

Ryan Breslow’s $450M Bolt deal said to involve a restraining order now

Maybe a lack of AI characters is what Quibi got wrong. At least, that’s what one startup appears to believe.  My Drama is a new short series app with more…

Short series app My Drama takes on Character.AI with its new AI companions

A 23-year-old woman who allegedly killed two men in March while using Ford’s hands-free system, BlueCruise, has been charged with DUI homicide by Pennsylvania State Police. The woman, Dimple Patel,…

Woman who allegedly killed two people using Ford BlueCruise charged with DUI homicide

The hiring effort comes after X, formerly known as Twitter, laid off 80% of its trust and safety staff since Musk’s takeover.

X is hiring staff for security and safety after two years of layoffs

Hiya, folks, welcome to TechCrunch’s regular AI newsletter. If you want this in your inbox every Wednesday, sign up here. This week in AI, two startups developing tools to generate and…

This Week in AI: VCs (and devs) are enthusiastic about AI coding tools

The Cosmos Institute, a nonprofit whose founding fellows include Anthropic co-founder Jack Clark and former Defense Department technologist Brendan McCord, has announced a venture program and research initiatives to —…

The Cosmos Institute, whose founding fellows include Anthropic co-founder Jack Clark, launches grant programs and an AI lab

Once linked, parents will be alerted to their teen’s channel activity, including the number of uploads, subscriptions and comments.

YouTube debuts new parental controls aimed at teens

No one is putting the remote working genie back in the bottle. Which is good news for Oyster, a payroll and HR platform that specializes in distributed workforces — or…

As remote working keeps rolling, Oyster raises $59M Series D at $1.2B valuation

For the college students who are satisfied with dating apps, which may not be many, Tinder announced Wednesday a series of updates to Tinder U, its in-app feature that caters…

Tinder update targets college students as dating apps struggle

The exact contents of X’s (now permanent) undertaking with the DPC have not been made public, but it’s assumed the agreement limits how it can use people’s data.

Ireland’s privacy watchdog ends legal fight with X over data use for AI after it agrees to permanent limits

Years ago, Twitter tried but eventually walked away from building TV apps after getting a lukewarm reception. Now, as it looks to revive its advertising business, its new incarnation X…

X doubles down on video with a new TV app

Apple is likely to unveil its iPhone 16 series of phones and maybe even some Apple Watches at its Glowtime event on September 9.

Apple event 2024: How to watch the iPhone 16 launch

Korea’s Institute of Machinery and Materials this week showcased a robotic wheelchair with large, deformable wheels that can manage rocks, stairs and other obstacles. During normal operation, the wheel maintains…

Watch this robotic wheelchair’s compliant wheels take on bumps, rocks and stairs

Mayfield is launching AI Garage, a $100 million initiative for ideation-stage founders interested in building “AI teammate” companies.

Mayfield allocates $100M to AI incubator modeled after its entrepreneur-in-residence program

Anthropic is launching a new subscription plan for its AI chatbot, Claude, catered toward enterprise customers that want more administrative controls and increased security. Claude Enterprise will compete with OpenAI’s…

Anthropic launches Claude Enterprise plan to compete with OpenAI

Time is running out to take advantage of our Student Pass discount for TechCrunch Disrupt 2024. Students and recent graduates can still save up to $200 until September 6 at…

Students and recent grads: Only 3 days left to save on TechCrunch Disrupt 2024 Student Passes

Fast-forward to today, Slauson & Co. remains even more committed to the mission of inclusivity in its funding, and it seems limited partners have its back. 

Slauson & Co. raises $100M Fund II proving appetite for inclusion persists

Safe Superintelligence (SSI), the AI startup co-founded by former OpenAI chief scientist Ilya Sutskever, has raised over $1 billion in capital from investors including NFDG (an investment partnership run by…

Ilya Sutskever’s startup, Safe Superintelligence, raises $1B

The American sports betting market produced $10.9 billion in revenue in 2023 for casinos, sportsbooks and iGaming, according to the American Gambling Association. One of the reasons this industry is…

DubClub wants amateur sports bettors to win more

New climate tech VC firms have emerged in recent years, but existing ones are also raising larger funds. Founded in 2007, Dutch firm SET Ventures is one of the latter.…

Dutch clean energy investor SET Ventures lands new €200 million fund, which will go toward digital tech

Revefi connects to a company’s data stores and databases (e.g. Snowflake, Databricks and so on) and attempts to automatically detect and troubleshoot data-related issues.

Revefi seeks to automate companies’ data operations

If you build an AI search product, you compete with Google. But Google has a lot easier time answering queries with a single, simple answer, such as “how many is…

With $50M in new funding, You.com thinks its AI can beat Google on hard questions

Featured Article

reMarkable’s Paper Pro adds color, light and more but keeps the focus on ‘focus’

The $499 Paper Pro — a new naming convention to indicate it is a higher-end alternative to the now-$379 reMarkable 2, not a direct successor — is momentous for its addition of both color and a “frontlight,” though both features are what you might call muted.

reMarkable’s Paper Pro adds color, light and more but keeps the focus on ‘focus’

Good news for Microsoft: The U.K.’s antitrust regulator says that the tech titan’s high-profile acquihire of the team behind AI startup Inflection doesn’t cause competition concerns, and thus it won’t…

UK regulator greenlights Microsoft’s Inflection acquihire, but also designates it a merger