(Hutchinson) – Local consumer protection regulators announced Wednesday that they had fined online retailer Sarkee E-Commerce Ltd. $100,000 and ordered it to rectify multiple compliance deficiencies within 90 days. The regulator’s investigation found that the company failed to adequately disclose “hidden additional fees” in its promotions and that its customer database had been accessed multiple times over the past year without timely notification to affected customers or adequate remediation measures.
Regulatory documents indicate that law enforcement authorities highlighted two key issues: First, the company consistently displayed “free trials/limited-time discounts” on its homepage and checkout pages, automatically adding subscription fees to subsequent bills without obtaining sufficient consent; and second, the company’s technical team delayed remediation after receiving a security vulnerability report by the statutory deadline, potentially exposing the personal information of approximately 30,000 users (names, email addresses, and partial shipping addresses). Regulators stated that these practices violated consumer protection regulations and data breach reporting obligations. Former Sarkee E-Commerce employees said internal records of promotional terms were confusing, and the customer service system lacked a unified process for handling customer cancellation and refund requests. One affected customer, who wished to remain anonymous, said, “I thought I was participating in a free trial, but ended up being charged for two months of subscription fees. The refund process was very complicated.”
Sarkee E-Commerce stated in a response that it had initiated an internal audit after receiving the initial regulatory notice and was working with a third-party security firm to rectify the situation. However, the regulator stated that the current remedial actions were insufficient to offset the initial violations, and therefore imposed a fine and pursued liability.
read more : Understanding Chain Hoists
Subsequent Measures (Regulatory Requirements)
$100,000 fine (published)
Submit a remediation report within 90 days and undergo a third-party audit
Notify affected customers of the data breach and provide one year of free credit monitoring
Clearly and prominently display all promotional terms and auto-renewal policies on the website
Sarkee E-Commerce Ltd. Official Statement
We value customer trust and take the concerns raised by regulators seriously. Since receiving the notification, we have immediately taken the following actions: closing the relevant promotional channels, suspending the automatic renewal process, notifying all affected customers, and initiating refunds. We have also engaged external cybersecurity experts to conduct comprehensive penetration testing and remediation, and will disclose the progress of these remediation efforts within 30 days. We are committed to transparency and accountability throughout this process.