Data belonging to nearly 200 merchants who used the e-commerce company Shopify, potentially including their customers' information, was compromised by a pair of “rogue” employees, officials recently announced.
Shopify staff announced in a Tuesday blog post that two support team members “were engaged in a scheme to obtain customer transactional records of certain merchants.” The compromised information could include customers’ data, such as their contact information, address, and purchase history, the company said.
“This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected,” the company memo stated.
As of Tuesday, all affected merchants had been notified, the company said. The potentially exposed information does not include full credit card numbers or other financial information.
Shopify said it is working with the FBI and “international agencies” that are investigating. The company will notify any merchants who were affected as needed, but said it has not found “evidence of the data being utilized.”
“Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns,” the memo further stated. “We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”