Illustration by Beatrice Sala
The company behind ultra fast fashion brands Shein and Romwe will pay New York state $1.9 million over a data breach affecting millions of customers. The fine stems from charges that Zoetop failed to secure customers’ data, didn’t properly inform customers of a data breach, and tried to keep the extent of the leak quiet.
The penalty comes after an investigation by the Office of the Attorney General into a 2018 hack in which credit card and personal information, like names, emails, and hashed passwords, was stolen. The data breach affected 39 million Shein and 7 million Romwe accounts, including more than 800,000 accounts belonging to New Yorkers.
Romwe reset passwords more than a year after it was hacked and told customers they’d simply…