BERLIN, Sept. 21, 2018 /PRNewswire/ -- On August 22, 2018, SHEIN became aware that certain personally identifiable information of its customers was stolen during a concerted criminal cyberattack on its computer network. Immediately upon becoming aware of this potential theft, SHEIN hired a leading international forensic cybersecurity firm as well as an international law firm to conduct a thorough investigation.
While the full extent of the attack will continue to be investigated, it can now be confirmed that the personal information illegally acquired by the intruders included email addresses and encrypted password credentials of customers who visited the company website. It is our understanding that the breach began in June 2018 and continued through early August 2018 and involves approximately 6.42 million customers. SHEIN may update this information at a later date based on any new findings.
During the investigation, SHEIN and its IT staff, as well as its cybersecurity investigators, will continue to closely monitor the network and servers so future breaches can be prevented. In addition, SHEIN servers have been scanned and malware found on the servers has been removed. "Back door" entry points to the servers opened by the attackers have been closed and removed.
SHEIN is in the process of notifying the proper authorities and its customers who may have been affected. SHEIN is sending customer notices that provide instructions for resetting passwords through the website. The resetting of passwords will help ensure the security of the site and customer purchases.
At SHEIN, we value our customer's safety and security above all else, and for this reason we are offering one year of identity theft monitoring to affected customers in certain markets. We will remain vigilant as we complete the investigation and implement new safeguards to prevent any future breaches.
For more information regarding the investigation and the actions SHEIN is taking to protect customer information, please refer to our FAQ at www.shein.com/datasecurity or contact us at +44 800-802-1077.