Shopify Says ‘Rogue’ Staffers Stole Sensitive Data From Merchants
Ecommerce company Shopify has revealed a shocking data breach which saw two of its employees steal sensitive data from merchants, exposing the personal details of customers who shopped at web stores.
The Canadian-based software giant says two “rogue” employees engaged in a scheme to obtain customer transactional records and are now working with the FBI to investigate the incident after terminating the staff members.
“We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant,” Shopify wrote in a blog post.
“This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected.”
Shopify has assured less than 200 merchants were impacted by the Sept. 15 data hack, including cosmetics retailer 100% Pure.
Ric Kostick, chief executive officer of 100% Pure, said of the incident: “Our top priority right now is to ensure that the safety and security of their data are protected. We are carefully evaluating the extent of this incident with Shopify and will take all necessary and immediate actions to prevent this from happening again.”
Emails, names, addresses and order details were the only customer data exposed in the hack. Shopify says financial information such as card details were not part of the breach.
Shopify shares dipped by more than 1% on Tuesday after the incident.
The ecommerce company sells subscription software to retailers to help them market and sell online.
Australian retailers such as JB Hi-Fi and fashion brands Princess Polly and Tiger Mist use Shopify.
It is unknown if any Australian merchants are affected the data hack and Channel News has reached out to Shopify for comment.