news

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

According to foreign media reports on July 26, the New York Attorney General's Office (NYAG) fined fast fashion company Shein Distribution Corporation (SHEIN) $1.9 million for failing to properly handle a data breach at the end of 2022.

Hackers attacked SHEIN and stole the credit card and personal information of nearly 40 million SHEIN customers. In a cease and desist warrant issued by the NYAG in 2022, the NYAG determined that SHEIN made false statements on its website.

According to the NYAG, SHEIN knew that customer credit card information had been stolen but told website visitors that the company had not seen any evidence that customer credit card information had been compromised.

In addition to the fine imposed by the NYAG, SHEIN must implement a comprehensive information security program, as well as safeguards and controls for the processing, storage, and handling of personal information.

The NYAG also requires the company to submit annual third-party assessments of these systems, networks, and policies until 2027.

The Federal Trade Commission (FTC) offers a number of recommendations for businesses that experience a data breach. According to the FTC, the three most important recommendations are:

1. Ensure operational security (secure physical areas and change access codes; establish and mobilize a breach response team; and convene data forensics and legal experts);

2. Fix any holes in your system (e.g., network segmentation and communications) as soon as they are discovered;

3. Notify relevant parties promptly in accordance with legal provisions.

Another fast-fashion retailer suffered a breach of the Social Security numbers of more than 500,000 former and current employees. By sending data breach notification letters as recommended by the FTC, the retailer complied with regulatory requirements and avoided penalties.