A data breach was confirmed in a statement released by Shopify on September 22. It identified two of its own support staff members to have gone “rogue”, stealing customer transaction particulars from a minimum of 100 merchants.
In a blog posted on their website, the Canadian company goes on to acknowledgethe incident and convey initial internal investigation details. According to Shopify, two employees got a hold of customer basic contact information from nearly 200 merchants. However, they have concluded in their preliminary investigation that the data included “email, name, and address, as well as order details, like products and services purchased”. The investigation also includes that the breach did not encompass sensitive information of any sort, such as full payment card or financial credentials.
Due to the nature of the incident, it was promptly and properly reported to lawenforcement authorities. As per an email written by a company spokes woman,Spotify has been quick to tell their affected merchants of the ongoing situation andwork closely with them to help address their concerns.
Shopify has stressed that the incident should not be looked at as a “result oftechnical vulnerability”. Which is why they have taken many necessary steps toprove their “zero-tolerance for platform abuse” claim. As per their blog, they haverevoked the staff members’ network access in addition to having them removedfrom their positions in the company.
Shopify suffered a subsequent dip in their stock value on the New York Stockexchange by 1.27%. Hopefully the fact that they are working with the FBI to supportthe investigation of the breach and the former employees involved in the schemealong with everything else will help them regain their trust.