Skip to main content
Skip to navigation

Regulatory Enforcement

Fashion retailer Zoetop to pay $1.9M over data breach response

By Adrianne Appel2022-10-17T17:37:00

Zoetop, parent company to online clothing retailers SHEIN and ROMWE, agreed to pay $1.9 million as part of a settlement with the New York Attorney General’s Office for failing to properly protect customer information compromised during a 2018 data breach.

Zoetop did not properly protect customer data before or after the breach and “downplayed the extent” of the incident, New York Attorney General Letitia James said in an Oct. 12 press release.

Zoetop didn’t know where on its system it stored customer credit card information, James alleged. It allowed some credit card transaction information to be stored in plain text, she said, and used an algorithm to protect customer passwords that was known to be weak.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Opinion
Leveraging COSO to mitigate AI risk: A step-by-step guide

2026-03-12T20:37:00Z By Jonny Frank and Michael Costa, CW guest columnists

AI elevates compliance, or exposes it. The technology presents compliance leaders and lawyers with an extraordinary opportunity to elevate their roles, as well as an equally extraordinary risk of accountability when AI fails, misleads, discriminates, hallucinates, or generates unreliable outputs.
Article
SEC enforcement priorities revert back to basics

2026-03-12T20:00:00Z By Jaclyn Jaeger

Recent pronouncements made by the U.S. Securities and Exchange Commission leadership, alongside the recent overhaul of the SEC Enforcement Manual, collectively signal a back-to-basics enforcement approach that appears beneficial for companies in their dealings with the agency.
Article
New DOJ policy places corporate enforcement emphasis on individual misconduct

2026-03-11T21:06:00Z By Adrianne Appel

The Department of Justice (DOJ) criminal division has announced a blanket policy against prosecuting companies that voluntarily disclose criminal wrongdoing and take other steps—and holding any individuals involved accountable for their criminal activities.

More from Regulatory Enforcement

Article
FCA drive to reduce its investigation costs likely to add to compliance burden for smaller firms, warn experts

2026-03-11T21:35:00Z By Neil Hodge

The U.K. financial regulator’s move towards “impactful deterrence” could see smaller and mid-size firms come increasingly under the spotlight as the watchdog aims to tackle market-wide concerns instead of primarily focusing on large players capable of doing the most harm.
Article
International agents take down major site where criminals traded stolen corporate info

2026-03-10T14:57:00Z By Adrianne Appel

A major online site used by cybercriminals to buy and sell information stolen from corporations and individuals worldwide has been shut down by an international enforcement action, the Department of Justice announced.
Article
Luxury brands told to tighten AML compliance as Dutch regulator fines Louis Vuitton

2026-03-10T14:57:00Z By Ruth Prickett

Money laundering is no longer a concern just for financial services and real estate. It is everybody’s business. But are most businesses adequately prepared for tighter AML rules? What does compliance need to know?