Paying the Price for a Major Cybersecurity Misstep

As ingenious as they are known to be, human beings cannot keep themselves from making a mistake every now and then. This has been proven quite a few times throughout our history, with each testimony practically forcing us to look for a defensive cover. We did, however, solve our conundrum in the most fitting way, and we did so by bringing dedicated regulatory bodies into the fold. Having a well-defined authority across each and every area was a game-changer, as it instantly concealed our many shortcomings and, consequently, introduced us to possibilities that we couldn’t have imagined in our wildest dreams. Unfortunately, the utopia that emerged from it didn’t last very long, and if we are to tell you why, we’ll have to put the blame on technology’s shoulders. The moment technology’s layered nature took over the scene, it gave every individual an unprecedented chance to exploit others for their own benefit. In case this didn’t sound bad enough, the whole thing soon began to materialize on such a massive scale that it expectedly overwhelmed our governing forces and sent them back to square one. After spending a long time in the wilderness, though, it seems like the regulatory contingent is finally ready to make a meaningful comeback. This has only become more and more evident over the recent past, and a newly imposed penalty does a lot to solidify that trend moving forward.

New York Attorney General Letitia James has formally handed Zoetop, the parent company of Shein and Romwe, a penalty worth $1.9 million in relation to a data breach that occurred during the year 2018. Affecting a grand total of 39 million Shein and 7 million Romwe accounts, the breach saw hackers gain access to sensitive details such as customers’ credit card credentials, along with other personal information, including names, emails, and hashed passwords. According to the claims, even after it became aware of the attack, Zoetop didn’t inform the customers in a proper manner. Hold on, the plot thickens from here. For 32.5 million Shein accounts, the company failed to send users any alert whatsoever regarding the exposure of their login credentials. As far as Romwe accounts are concerned, Zoetop didn’t find out about their compromised status until two years later, when it discovered relevant customer logins on the dark web. All these elements triggered a lengthy investigation, which ended up uncovering a lot more than initially anticipated. To give you an example, it showed how the company was using insufficient password management systems, while also lacking a reliable way to monitor security issues.

In response to this latest development, Shein put out a statement saying:

“We have fully cooperated with the New York Attorney General and are pleased to have resolved this matter. Protecting our customers’ data and maintaining their trust is a top priority, especially with ongoing cyber threats posed to businesses around the world. Since the data breach, which occurred in 2018, we have taken significant steps to further strengthen our cybersecurity posture and we remain vigilant.”
