Shopify reveals customer data theft carried out by two "rogue" employees
Multinational Canadian e-commerce company Shopify Inc. announced on Tuesday that two of its employees had stolen data from “less than 200 merchants,” potentially compromising the personal data of consumers visiting the webstores in question.
“Two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants,” the company explained in a blog post, going on to highlight that both employees have had their access to the Shopify network terminated and that the incident has been reported to law enforcement.
According to Shopify, customer data that may have been exposed by the incident includes basic contact details – such as email, name, and address – and information about orders, such as products and services purchased. The company was, however, eager to reassure consumers that complete payment card numbers and similar sensitive personal or financial details were not affected by the incident.
Shopify further emphasized that it is working with the FBI and other international agencies in their investigations concerning the breach. Although the company does not currently have evidence of the stolen data being used, it pointed out that investigations are still in their early stages, and that any developments will be communicated to the merchants affected.
“This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected,” stressed the company. “Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”
This is not the first time that Shopify, which sells merchants subscription software to facilitate the running of online stores, has had the security of its platform seemingly called into question. In 2019, a bug in the company’s software that could have led to the exposure of the revenue information of a number of merchants was discovered by a security researcher.
Copyright © 2020 FashionNetwork.com All rights reserved.