Jennifer L. Henn  |  October 6, 2020

Category: Data Breach


Shopify says two “rogue” employees are responsible for a recent data breach involving customer account information from dozens of the merchants that sell their products online through the company’s platform.

The company disclosed the data breach in an online post Sept. 22 and said it is working with the Federal Bureau of Investigation (FBI) to investigate the theft. As of the date of the post, Shopify said it was unaware of any reports of the stolen data being used illegally.

“We are in the early stages of the investigation and will be updating affected merchants as relevant,” Shopify’s announcement said. “This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected.”

The “two rogue members of our support team” who were scheming to pilfer customer transaction records have been fired, the company said. They accessed the information between Aug. 15 and Sept. 15.

Shopify has not revealed exactly how many of its merchants’ accounts were affected by the data breach, but did say the number was less than 200. The company says more than a million retailers sell their products through the Shopify platform.

According to the Shopify announcement, the cyber thieves might have accessed basic contact information, such as emails, names, addresses, and order details, but not sensitive personal or financial information and not full credit card numbers.

Shopify provides an online platform for retail sales, offering web design and maintenance services and sales processing — basically it can build an online shop, maintain it and handle all the backroom operations, including processing and tracking sales, managing inventory and storing customer account information.

While the company has some major clients, including Pepsi and Staples, it is particularly popular among small and mid-size merchants, according to a report by The Guardian.

“Nearly 300 million consumers around the world purchased from a Shopify merchant in 2019 alone,” the newspaper reported.

One Shopify merchant affected by the data breach spoke to the tech news website TechCrunch, the site reported. The retailer was not identified, but reportedly gave TechCrunch a copy of the warning email sent by Shopify, which said Shopify first became aware of the cybercrime Sept. 15. The email also said the two employees accessed the account information from Shopify’s “Orders API, which lets merchants process orders on behalf of their customers.”

The email stated that the last four digits of customers’ payment cards were taken, TechCrunch reported.

The merchant also said Shopify’s email noted the number of customer records accessed from their shop — 4,900 of the seller’s 1.3 million customers — but not the overall number for all of the Shopify-hosted shops.

Among the other merchants reportedly involved in the Shopify data breach is Kylie Cosmetics, the eponymous brand of Kylie Jenner.

Business Insider reported that the makeup business informed its customers their data, including parts of their credit card numbers, might have been accessed illegally.

“We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product,” the Shopify announcement said. “To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”

The company has not released any additional information or updates through its website or to the news media since the Sept. 22 announcement.

Are you a merchant who sells your items through Shopify? Have you ever shopped online from a Shopify retailer? Tell us about it in the comment section below.


21 thoughts on Shopify Data Breach Affects Dozens of Merchants

  1. tolga coskun says:

    same here $11K

  2. E Y says:

    Please add me

  3. andrea rosenberg says:

    I logged on and there was a message on the home page telling me that they could not do the payout and they needed to verify my account info.
    I had to upload a voided check and my ID. We received an email back saying it was the incorrect bank and I needed to resend. I didn’t think twice and got ready to give them a different checking account. This AM I saw an email that said that they sent me a link to upload it. At this point I was furious because I realized they owed me $22000. When I logged in to the bank to make sure I was sending them the correct bank info I realized that there were no deposits made in my bank matching the payouts on the Shopify page. Now I am missing over $70,000. PLEASE LET ME REMIND YOU I AM A SMALL BUSINESS!!!! When I reached out again to tell them we have a bigger problem, they had been paying someone that’s not me, basically their response was, sorry we are not responsible for this. You got hacked by someone and here’s their bank account info, go to the police. OHHHHH I can’t forget to mention, they offered me $256 compensation.

  4. LISA HAWKINS says:

    Please add me

  5. Monique Hibbs says:

    Please add me

  6. FELICIA R REDDICK says:

    add me in

  7. TERI M MATHEWS says:

    Please add me

  8. TIMOTHY HUGHES says:

    Add me
