Online women’s fashion retailer SHEIN Group Ltd. is the latest victim of hacking ,with 6.42 million customer records stolen.

Waiting a month to tell customers, SHEIN said that it had become aware on Aug. 22 “that certain personally identifiable information of its customers was stolen during a concerted criminal cyberattack on its computer network.”

The information stolen included email addresses and encrypted passwords of customers but did not include credit card information.

Providing no further details as to how the attack took place, SHEIN said it has hired “a well-known forensic cybersecurity firm as well as an international law firm to help it investigate the incident further.”

Ruchika Mishra, director of products and solutions at Balbix Inc., told SiliconANGLE that the breach occurred in June, but it was only discovered in late August.

“It’s clear that organizations like SHEIN rely heavily on reactive cybersecurity strategies that detect and control breaches in progress or after that fact — and often not fast enough,” she said. “What is really needed is a proactive strategy that enables organizations to avoid breaches in the first place — not two months after the fact.”

Mishra conceded that with the number of potential threat vectors and number of information technology assets increasing, it’s almost impossible for security teams to observe and analyze all potential security issues. But she noted, “This is where AI and deep learning can be leveraged to enhance the capabilities of human threat analysts. It’s not a human-sized problem anymore, and when these types of breach avoidance technologies are not in place, it’s no wonder threats can fall through the cracks.”

Zohar Alon, co-founder and chief executive officer of Dome9 Security Inc. added that with the holiday shopping season around the corner, breaches like this often result in low customer trust and reduced sales.

“In today’s world, personally identifiable information is extremely valuable and must be protected at all costs,” Alon said. “Every business is a target for hackers, and companies like SHEIN that own incredibly large customer databases must have continuous visibility into all of their assets, so they can quickly remediate potential threats and better protect consumer data.”

Image: SHEIN