Shopify Data Breach Announced in String of Online E-Commerce Sites
Shopify disclosed on September 22 in an online post that the E-Commerce giant experienced a data breach and is currently working with the Federal Bureau of Investigation (FBI) to investigate the theft.
Shopify asserted that it was unaware of any illegal use of the data that was stolen.
The data breach involved customer account information from dozens of merchants selling online through the company’s platform. The breach may include access to basic contact information, such as emails, names, addresses, and order details, but not sensitive personal or financial information and not full credit card numbers.
Shopify did not reveal how many merchant accounts were affected but indicated that it was less than 200.
Shopify is an online retail sales platform that offers merchants with web design, maintenance services, and sales processing. There are more than a million retailers that sell their products through the platform. It is particularly popular among small and mid-sized merchants, with “nearly 300 million consumers around the world purchasing from a Shopify merchant in 2019 alone,” according to The Guardian.
“Rogue” Employees Behind Data Breach
Two “rogue” employees have been identified as the ones responsible for the data breach.
According to the announcement by Shopify, “we are in the early stages of the investigation and will be updating affected merchants as relevant. This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected.”
The “two rogue members” of Shopify’s support team have already been fired. Reports say that they accessed the information between August 15 and September 15.
Shopify first became aware of the data breach on September 15. According to the warning email sent by Shopify to its merchants, the two employees accessed the account information from the platform’s “Orders API, which lets merchants process orders on behalf of their customers.”
The email informed merchants that the last four digits of customers’ payment cards were taken and that there were around 4,900 customer records of the seller’s 1.3 million customers were accessed. Among those accessed were from Kylie Cosmetics, the eponymous brand of Kylie Jenner.
Shopify announced that “we don’t take these events lightly at Shopify. We have zero-tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.” To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”
Editor’s note on the news about the Shopify Data Breach:
This article is created to inform you of the news about the Shopify Data Breach. If you have questions regarding the news and its updates, please send us a message!
For further information, don’t hesitate to send us an email at Outreach@ConsiderTheConsumer.com, find us on Twitter or Facebook, or even connect with us directly on our website! We look forward to hearing from you all.
Similarly, please check out our current list of Class Actions and Class Action Investigations, here.
Interested in articles like these? Become a subscriber below!