Skip to main content
close search
site logo
Dive Brief

Shein says data breach affected 6.4M customers

Published Sept. 28, 2018
By
Contributor
Getty

Dive Brief:

  • Fashion retailer Shein said its website suffered a data breach this past summer affecting more than 6.4 million of its customers, during which "certain personally identifiable information of its customers was stolen," including e-mail addresses and passwords, according to a press release.

  • Shein discovered the cyberattack in late August. After an initial investigation, it is believed the attack lasted from sometime in June until late August, the press release stated. The company stated in an additional FAQ post on its website that it didn't believe credit card theft had occurred, but recommended that customers change their passwords.

  • The retailer further stated that its website servers "have been scanned and malware found on the servers has been removed. 'Back door' entry points to the servers opened by the attackers have been closed and removed."

Dive Insight:

Not much more is known about this particular attack yet, and the investigation is ongoing, according to Shein. But it could be something as simple as an email phishing scam, which was responsible for the multi-billion Target data breach five years ago (an e-mail phishing attack on a Target partner was directly connected to that breach).

The Target data breach seemed like a wake-up call for the retail sector. While investment in security strategies and technologies certainly has increased, and retailers talk a lot more than they once did about their mission to protect their customers, the attacks haven't stopped as we approach the five-year anniversary this December.

The Shein incident is just the latest evidence of that, but there are plenty of other recent examples including the Macy's data breach last spring and the Hudson's Bay Company attack in 2017, which was dubbed among the 'most damaging' in retail. Nevertheless, Shein responded to this incident quickly and decisively once it knew what was going on, and its communication about the attack and offer of a free year of credit monitoring to affected customers is consistent with what retailers in similar situations have done.

However, retailer responses to such incidents have become almost standardized. Customers rarely learn exactly how a breach happened and what the retailer will do next to make sure it never happens again. This pattern of response suggests retailers are starting to accept that there is not much they can do to stop attacks and that the industry has not made much progress since five years ago.

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release
Why In-Store Analytics will be the Game-Changer
From eyefactive.com
November 04, 2024
Aroma Retail Supports Exponential Ecommerce Growth with Descartes Parcel Shipping Solution
From Descartes Systems Group
November 04, 2024
Yuma.ai Raises $5 Million to Transform E-commerce Customer Support with Advanced AI Agents
From Yuma AI
October 30, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Editors' picks
  • A Big Lots storefront with a cloudy gray sky
    Image attribution tooltip
    Nate Delesline III/Retail Dive
    Image attribution tooltip

    Is Big Lots’ transformation plan enough to save it?

    Analysts say the retailer may face an uphill battle in a crowded sector with strong rivals.

    By Nate Delesline III • July 29, 2024
  • Image attribution tooltip
    Adeline Kon/Retail Dive
    Image attribution tooltip
    Tracker

    The running list of major retail deals

    In April alone, L’Occitane sold Grown Alchemist, Mented Cosmetics was acquired by a private equity firm and Billy Reid snapped up Knot Standard’s DTC business.

    By Retail Dive Staff • Updated Sept. 13, 2024
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell