Skip to main content
close search
site logo
Dive Brief

Shein says data breach affected 6.4M customers

Published Sept. 28, 2018
By
Contributor
Getty

Dive Brief:

  • Fashion retailer Shein said its website suffered a data breach this past summer affecting more than 6.4 million of its customers, during which "certain personally identifiable information of its customers was stolen," including e-mail addresses and passwords, according to a press release.

  • Shein discovered the cyberattack in late August. After an initial investigation, it is believed the attack lasted from sometime in June until late August, the press release stated. The company stated in an additional FAQ post on its website that it didn't believe credit card theft had occurred, but recommended that customers change their passwords.

  • The retailer further stated that its website servers "have been scanned and malware found on the servers has been removed. 'Back door' entry points to the servers opened by the attackers have been closed and removed."

Dive Insight:

Not much more is known about this particular attack yet, and the investigation is ongoing, according to Shein. But it could be something as simple as an email phishing scam, which was responsible for the multi-billion Target data breach five years ago (an e-mail phishing attack on a Target partner was directly connected to that breach).

The Target data breach seemed like a wake-up call for the retail sector. While investment in security strategies and technologies certainly has increased, and retailers talk a lot more than they once did about their mission to protect their customers, the attacks haven't stopped as we approach the five-year anniversary this December.

The Shein incident is just the latest evidence of that, but there are plenty of other recent examples including the Macy's data breach last spring and the Hudson's Bay Company attack in 2017, which was dubbed among the 'most damaging' in retail. Nevertheless, Shein responded to this incident quickly and decisively once it knew what was going on, and its communication about the attack and offer of a free year of credit monitoring to affected customers is consistent with what retailers in similar situations have done.

However, retailer responses to such incidents have become almost standardized. Customers rarely learn exactly how a breach happened and what the retailer will do next to make sure it never happens again. This pattern of response suggests retailers are starting to accept that there is not much they can do to stop attacks and that the industry has not made much progress since five years ago.

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release
Frank Mayer and Associates, Inc. Nominated for Prestigious 2025 Vendors in Partnership Award
From Frank Mayer and Associates
November 20, 2024
PENNA WEAR LAUNCHES AS A HIGH QUALITY AND STYLISH ALTERNATIVE TO SCRUBS
From Preface Global
November 01, 2024
Nakisa Unveils Next-Generation IWMS Product Portfolio
From Nakisa
November 04, 2024
SRS Real Estate Partners Adds Commercial Real Estate Veteran Chris Stewart to Bolster Owner Se…
From SRS Real Estate Partners
November 14, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell