December 30, 2020 – ROMWE recently discovered customer usernames and passwords on the “dark web.” In an abundance of caution, we have taken steps to notify all potentially affected individuals and to provide resources to assist them.

On September 7, 2020, we discovered that some ROMWE customers’ usernames and passwords found on the dark web may have been stolen from our computer network in July 2018, as determined by internal and external forensic investigations. These usernames and passwords, if used, could have provided access to some ROMWE customers’ account information, including name, email, and phone number, or other optional information customers may have stored. If a customer stored credit card information in their account, it remains secure since ROMWE does not keep customers’ full credit card information.

Over the past several years, ROMWE has continued to improve its security protections as part of its regular security program activities, including by increasing password encryption and using more advanced intrusion detection technologies. For the present matter, we have also forced password resets for all potentially affected customers.

We have emailed notice to customers potentially impacted by this incident which includes information about the incident and steps individuals can take to monitor and protect their personal information. If you created your account after July 14, 2018, then we believe your account was not impacted. In addition, out of an abundance of caution, we are offering dark web monitoring to individuals at no cost through ID Experts. Instructions on how to sign-up is included in the email notice sent on or about December 30, 2020 to customers who were potentially impacted.

We take the protection of our customers’ information seriously and sincerely apologize for any inconvenience this incident may cause. Email: datasecurity@romwe.com .

To read “Frequently Asked Questions” about the incident, please visit here .