Zoetop, the parent company of fast fashion brands Shein and Romwe, has been hit with a $1.9 million penalty by New York state for its missteps in managing a 2018 data breach that impacted 39 million Shein accounts and 7 million Romwe accounts, The Verge reports.
The New York State Attorney General's Office found that Zoetop failed to inform the holders of 32.5 million Shein accounts that their login information had been compromised, and that it downplayed the number of customers affected by the intrusion. Moreover, data breach notifications were sent to Romwe customers only in 2020, after customer logins believed to have been stolen in the hack were found on the dark web.
Romwe customers were initially advised in December 2020 that their passwords had been reset because they had expired; another message sent in February noted that the detection of suspicious activity had prompted the password resets.
Zoetop was also found by the state OAG investigation to have failed to implement appropriate security measures to protect its systems.
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, Dod Alphabet soup, Sirius XM, Pixel Tracking, TSA, Single Sign-on rants, and more on the Security Weekly News!
SecurityWeek reports that several car brands could be compromised by remote attacks leveraging a vulnerability in Sirius XM's connected vehicle services, which are being used by over 12 million vehicles in North America, including those made by Acura, Honda, BMW, Jaguar, Land Rover, Nissan, Infiniti, Subaru, Toyota, Lexus, and Hyundai.