Fast fashion retailer Shein plans to expand its services by selling its supply chain technology worldwide, but is reportedly facing concerns about potential cybersecurity risks and Chinese government involvement.
SHEIN, which has close ties to China, is facing scrutiny from cybersecurity firms and national security experts who are concerned that sensitive logistical and customer information could be leaked, CNBC reported on Monday (July 8).
Shein’s logistics software is reportedly currently in beta testing with select supply chain clients.
“We strive to limit data collection to the minimum information necessary to process commercial transactions,” Shain said in the report. “We have built our systems in accordance with leading data protection frameworks, such as the International Organization for Standardization’s standards 27001 and 27701.”
The U.S. supply chain has millions of connection points, and integrating application programming interfaces (APIs) without proper cybersecurity measures poses significant risks, the report said. Cybersecurity experts have warned that compromised integrations could expose customer data and put connected systems at risk.
The complexity of Shein’s supply chain, with thousands of suppliers and partners, further compounds potential vulnerabilities, according to the report: Shein’s extensive supply chain network includes more than 10,000 companies one tier away from retailers, and more than 50,000 entities when drilled deeper.
This interconnectedness raises concerns about data access and potential espionage, the report said. Experts argue that Shein’s software could give the Chinese government unprecedented access to sensitive supply chain data, putting the integrity of U.S. supply chains at risk and exposing them to misuse and manipulation.
Shain relocated its headquarters from China to Singapore in 2022 to distance itself from its ties to China. However, critics have deemed this a practice known as “Singapore washing” and questioned the effectiveness of such moves in mitigating regulatory scrutiny, according to the report. Chinese law requires companies to cooperate in providing classified information about U.S. citizens to the Chinese government.
According to reports, Shain had filed for a private initial public offering (IPO) in the United States in November 2023, but political pressure and other challenges in the U.S. led it to consider London as an alternative location for the listing.
The company has also reportedly repeatedly tried but been rejected for membership in the National Retail Federation (NRF), which would aid the company’s “charm offensive” as it tries to convince lawmakers that it could become a publicly traded company in the United States.
