E-commerce company Shopify recently disclosed the discovery of a data breach that affected customer data and transaction details for fewer than 200 merchants who use their platform. Shopify has reported the data breach to law enforcement including the FBI and other international agencies.
According to the statement, two rogue employees on the customer support team were illegitimately collecting customer information and transactional data from specific merchants.
“We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement,” Shopify officials said. “We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.”
The data harvested by the employees may have included personally identifiable information such as customer names, emails and addresses, and transactional details such as order history. Payment card numbers and other financial data were not among the exposed information.
Shopify officials said affected merchants have been notified. Again, they said there is currently no evidence that the data has been used in any way beyond the initial breach.
Shopify has more than 1 million business clients, so the data breach affected a very small portion of the company’s client base.