Report Fraud About Us What We Do

Shopify Data Breach Consider The Consumer

Consumer News

Shopify Data Breach Unveiled; One of Many to be Announced

Shopify Data Breach Announced in String of Online E-Commerce Sites

Shopify disclosed on September 22 in an online post that the E-Commerce giant experienced a data breach and is currently working with the Federal Bureau of Investigation (FBI) to investigate the theft.

Shopify asserted that it was unaware of any illegal use of the data that was stolen.

The data breach involved customer account information from dozens of merchants selling online through the company’s platform. The breach may include access to basic contact information, such as emails, names, addresses, and order details, but not sensitive personal or financial information and not full credit card numbers.

Shopify did not reveal how many merchant accounts were affected but indicated that it was less than 200.

Shopify is an online retail sales platform that offers merchants with web design, maintenance services, and sales processing. There are more than a million retailers that sell their products through the platform. It is particularly popular among small and mid-sized merchants, with “nearly 300 million consumers around the world purchasing from a Shopify merchant in 2019 alone,” according to The Guardian.

“Rogue” Employees Behind Data Breach

Two “rogue” employees have been identified as the ones responsible for the data breach.

According to the announcement by Shopify, “we are in the early stages of the investigation and will be updating affected merchants as relevant. This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected.”

The “two rogue members” of Shopify’s support team have already been fired. Reports say that they accessed the information between August 15 and September 15.

Shopify first became aware of the data breach on September 15. According to the warning email sent by Shopify to its merchants, the two employees accessed the account information from the platform’s “Orders API, which lets merchants process orders on behalf of their customers.”

The email informed merchants that the last four digits of customers’ payment cards were taken and that there were around 4,900 customer records of the seller’s 1.3 million customers were accessed. Among those accessed were from Kylie Cosmetics, the eponymous brand of Kylie Jenner.

Shopify announced that “we don’t take these events lightly at Shopify. We have zero-tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.” To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”

Editor’s note on the news about the Shopify Data Breach:

This article is created to inform you of the news about the Shopify Data Breach. If you have questions regarding the news and its updates, please send us a message!

Contact Us

For further information, don’t hesitate to send us an email at Outreach@ConsiderTheConsumer.com, find us on Twitter or Facebook, or even connect with us directly on our website! We look forward to hearing from you all.

Similarly, please check out our current list of Class Actions and Class Action Investigations, here.

Interested in articles like these? Become a subscriber below!

Interested in posts like these? Stay up to date with our newsletter!

No thoughts on “Shopify Data Breach Unveiled; One of Many to be Announced” yet. Be the first to speak your mind!

Leave a Reply