SHEIN, a U.S. based online fashion retailer, has revealed it recently suffered a cyber attack they were able to access the emails and encrypted passwords of 6.42 million customers, the company said.
“On August 22, SHEIN became aware that personally identifiable information of its customers was stolen during a sophisticated criminal cyber attack on its computer network,” the retailer said in a statement on its UK website. The note, released on September, 21, indicates that as a result, the company hired both an international forensic cybersecurity firm and an international law firm to investigate the incident.
Data breach at SHEIN happened between June and August
“It is our understanding that the breach began in June 2018 and continued through early August 2018 and involves approximately 6.42 million customers. SHEIN may update this information at a later date based on any new findings.”
SHEIN said that the breach was tied to a cyber attack on its computer network that led to malware being planted on its servers.
“Our investigation has confirmed that the perpetrators gained access to email addresses and encrypted password credentials of customers who registered on the company website,” SHEIN said in a corporate release, stressing that there is no evidence that credit card information was stolen. “SHEIN typically does not store credit card information on its systems,” reassured the company.
Although the fashion retailer has chosen to not discuss the specifics of the breach, it has said its online store is safe to visit and use, and it encouraged customers to click a link their email notifications to reset their passwords.
In the meanwhile, SHEIN will “continue to closely monitor the network and servers so future breaches can be prevented” and is “evaluating/implementing additional security measures” recommended by investigators, the statement said. “We continuously try to improve those safeguards in response to evolving technology and threats.”