Shopify has confirmed that two of their support staff were involved in a data breach as they stole customer data, including transaction records from nearly 200 merchants.
The company has terminated the contract of the employees involved and are currently working with the FBI and “other international agencies” to investigate the crime.
The customer data that has been accessed included email, name, physical address and order details such as products and services that they purchased. Shopify also confirmed that “complete” card numbers or any other sensitive personal or financial information wasn’t leaked during this breach, which they claim wasn’t because of a technical vulnerability.
“While we do not have evidence of the data being utilised, we are in the early stages of the investigation and will be updating affected merchants as relevant,” Shopify said in a blog post “The vast majority of merchants using Shopify are not affected. However, those whose stores were illegitimately accessed may have had customer data exposed.”
Shopify says that the affected merchants have been notified.
The true extent of the data breach can’t be confirmed yet as Shopify has only confirmed the number of merchants affected but not the exact number of customers that were affected due to the breach.
According to an email notification that a merchant received and shared with TechCrunch, Shopify first became aware of the incident on September 15 and that the last four digits of customers’ card information were accessed in this incident. Although the exact number of customers affected wasn’t reflected in the email, In this particular merchant’s case, over 4900 customer records were accessed.
In the News: Google introduces COVID layer in Maps
Prayank heads the Editorial at Candid.Technology. When not writing, he loves taking trips on his bikes or chugging beers as Manchester United battle rivals.
Contact Prayank via email: [email protected]