Expert comment: Shein fined $1.9M over data breach
October 2022 by John Stevenson, Product Director, Cyren
In light of the news that Zoetop, the company behind retailers Romwe and Shein, will pay New York state $1.9 million over a data breach affecting millions of customers, the comment from John Stevenson, Product Director, Cyren.
“Testament to the scale of the unsolved nature of social engineering attacks, every single of the millions of victims successfully targeted here now face phishing scams abusing their exposed PII in the pursuit of more valuable credentials.
It is likely many customers’ credentials have already been sold to the highest bidder and may now be used to target their place of work. However, because employees are so busy, they cannot feasibly be expected to detect all fraudulent emails every time. Therefore, organisations must implement additional layers of technology and processes to continually hunt for targeted email attacks like spear phishing and business email compromise to automatically eliminate the threats once identified.
A silver lining, however, is that hopefully expensive retributions for such failures to responsibly disclose and appropriately respond to a data breach is a step in the right direction towards creating a culture of compliance.”