Shopify says ‘rogue’ employees may have stolen customer data

Two “rogue” employees at Shopify may have stolen customer data from roughly 200 online merchants, the e-commerce platform revealed.

The staffers were running a scheme to steal sellers’ transactional records that may have given them access to customers’ names, email addresses and order details such as the products and services they purchased, Shopify said.

“While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant,” Shopify said in a Tuesday message board post.

The breach — which Shopify has reported to law-enforcement authorities — wasn’t caused by a technical vulnerability in the company’s platform, and sensitive financial information such as complete credit card numbers was not involved, according to the post.

Shopify said it cut off the responsible employees’ access to its network and is working with the FBI and other international agencies on their investigation of the incident.

The breach involved fewer than 200 Shopify merchants’ data, the company said, a tiny fraction of the more than 1 million sellers who use the platform.

“Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns,” the company said. “We don’t take these events lightly at Shopify.”

Shopify’s stock price dropped about 1 percent in premarket trading Wednesday to $943.99 as of 9:02 a.m.

The Ottawa-based company has seen a surge in business as the coronavirus pandemic forced retailers to move their shops online. The number of new stores created on the platform grew 71 percent from April through June compared to first quarter of this year, while Shopify’s revenue spiked 97 percent from the comparable quarter last year to $714.3 million.

Share this article:

Source: Read Full Article