Breaking News

Secret Service honchos denied Trump additional security for 2 years before assassination attempt
Business

China-owned fast-fashion site Shein’s US expansion plans pose cybersecurity risk: experts

By
Social Links for Taylor Herzlich
Published July 8, 2024, 1:56 p.m. ET

Chinese fast-fashion giant Shein is looking to expand its supply chain throughout the United States — and experts warn its plans may pose serious cybersecurity risks.

The mostly-online retailer – known for cheap, trendy clothing items and valued at $66 billion in March – plans to sell supply-chain technology to global companies. US security experts have warned that Shein may be able to spy on the supply chain through these software deals and creep on customer data.

Shein’s involvement could present a risk of espionage, Dewardric McNeal, a senior policy analyst at Longview Global, told CNBC

“Given the intricate nature of the US and global supply chains, the potential for espionage or data gathering is a significant risk,” McNeal said. “Shein’s software could provide unprecedented access to sensitive supply chain data, which the Chinese government could seize under its laws.”

A Shein pop-up store.
Shein has plans to expand its supply chain throughout the US and sell supply-chain technologies globally. REUTERS

Chinese law requires companies to cooperate with handing over data, and despite Shein’s efforts to distance itself from the country, its supply chain and warehouses are still located in China.

Shein moved its headquarters from China to Singapore in 2022 to ease scrutiny on the company – a tactic Lee Kair, a former TSA top official and current head of transportation at The Chertoff Group, called “Singapore washing.”

“Even with a headquarters based in Singapore, company supply chain data could be subject to seizure by the Chinese,” Kair said. “This is a clear vulnerability of US customer data.” 

Shein logo and stock graph.
Shein moved its headquarters from China to Singapore in 2022. REUTERS

“We take security seriously and have implemented industry standard controls to protect customers’ data,” a Shein spokesperson told The Post. “We try to limit our data collection to the minimum amount of information necessary to process commercial transactions.” 

Shein said it stores US consumer data in Microsoft and AWS’s cloud-based solutions.

CNBC searched an ISO database to find the two certificates for Shein or its parent company Zoetop to no avail. 

Shein told The Post that it does have those two certifications through a third party.

A Shein logo outside an office building.
Shein’s plans for supply chain expansion come during a time of high tensions between the US and Chinese economies. AFP via Getty Images

Shein’s plans to expand its influence through the US supply chain follow tensions between the US and Chinese economies. 

The Biden administration in May raised tariffs on $18 billion worth of Chinese imports to “protect American workers and businesses” from “unfair” competition. 

“Pushing Shein as a logistics company is a response or retaliation to the US tightening up everything outsourcing from China,” Publican Co-Founder and CEO Ram Ben Tzion told CNBC. “This is a way for China to regain a hold on the global supply chain.” 

The company already boasts an extensive supply chain: Shein discloses 44 direct relationships and 5,000 suppliers, but likely has a much more complex map of connections, according to Exiger data.

Ben Tzion said Shein – and by default, the Chinese government as well – will be able to misuse sensitive consumer data shared through the supply chain. Shein would also have access to other companies’ distribution strategies – meaning it could gather information on upcoming product launches and rival them with their own merchandise. 

Workers at a textile factory that supplies clothes to Shein.
Shein has faced a number of roadblocks in its efforts to expand throughout the US. AFP via Getty Images

Shein has faced substantial backlash while trying to expand through the US. 

Last summer, 16 state attorneys general signed a joint letter calling on the SEC to require foreign-owned businesses to confirm they comply with a section of the Tariff Act of 1930 that prohibits the importation of products crafted by forced labor. 

Allegations that Shein relies on forced labor from the Xinjiang region in China – an area prohibited from supplying imports to the US due to human rights abuses against Uyghurs – circled before Shein filed last November to go public in the US.

Workers at a garment factory that supplies clothes to Shein.
Shein has come under fire for allegations that the company relies upon forced labor in the Xinjiang region in China. AFP via Getty Images

The year prior, New York Attorney General Letitia James fined Shein, sister-company Romwe and Zoetop $1.9 million for failing to protect consumer data in a 2018 data breach.

While Shein faces barriers to US expansion, rival Amazon is looking to develop its ties in China. Billionaire Jeff Bezos’ company will launch a new section on its website for cheaply priced fashion items that will allow Chinese sellers to ship directly to US customers, according to a CNBC report.

Amazon also recently cut fees for merchants selling clothing priced below $20, according to CNBC.