Zoetop Ordered To Pay $1.9M Over Data Breach

Zoetop, the parent company behind the retailers Romwe and Shein, has been ordered by the State of New York to pay $1.9 million over a data breach that affected millions of customers. Zoetop was found guilty of failing to secure customers’ data, of not properly notifying customers, and of trying to keep the extent of the data leak under wraps. The penalty follows an investigation by the New York Attorney General into a 2018 cyber attack in which credit card and personal information was stolen.

Before I give my thoughts on this, let’s hear from John Stevenson, Product Director at Cyren on this:

“Testament to the scale of the unsolved nature of social engineering attacks, every single one of the millions of victims successfully targeted here now faces phishing scams abusing their exposed PII in the pursuit of more valuable credentials.

It is likely many customers’ credentials have already been sold to the highest bidder and may now be used to target their place of work. However, because employees are so busy, they cannot feasibly be expected to detect all fraudulent emails every time. Therefore, organisations must implement additional layers of technology and processes to continually hunt for targeted email attacks like spear phishing and business email compromise to automatically eliminate the threats once identified. 

A silver lining, however, is that hopefully expensive retributions for such failures to responsibly disclose and appropriately respond to a data breach are a step in the right direction towards creating a culture of compliance.”

My $0.02 worth. I am glad that the State of New York held Zoetop accountable for this and I hope that we see more of this going forward. Because if companies know that if they screw up they will get punished, they will take the steps required to make sure that they don’t get pwned.
