Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Shopify says two “rogue” employees are responsible for a recent data breach involving customer account information from dozens of the merchants that sell their products online through the company’s platform.
The company disclosed the data breach in an online post Sept. 22 and said it is working with the Federal Bureau of Investigation (FBI) to investigate the theft. As of the date of the post, Shopify said it was unaware of any reports of the data that was stolen being used illegally.
“We are in the early stages of the investigation and will be updating affected merchants as relevant,” Shopify’s announcement said. “This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected.”
The “two rogue members of our support team” who were scheming to pilfer customer transaction records have been fired, the company said. They accessed the information between Aug. 15 and Sept. 15.
Shopify has not revealed exactly how many of its merchants’ accounts were affected by the data breach, but did say the number was less than 200. The company says more than a million retailers sell their products through the Shopify platform.
According to the Shopify announcement, the cyber thieves might have accessed basic contact information, such as emails, names, addresses, and order details, but not sensitive personal or financial information and not full credit card numbers.
Shopify provides an online platform for retail sales, offering web design and maintenance services and sales processing — basically it can build an online shop, maintain it and handle all the backroom operations, including processing and tracking sales, managing inventory and storing customer account information.
While the company has some major clients, including Pepsi and Staples, it is particularly popular among small and mid-size merchants, according to a report by The Guardian.
“Nearly 300 million consumers around the world purchased from a Shopify merchant in 2019 alone,” the newspaper reported.
One Shopify merchant affected by the data breach spoke to the tech news website TechCrunch, the site reported. The retailer was not identified, but reportedly gave TechCrunch a copy of the warning email sent by Shopify, which said Shopify first became aware of the cybercrime Sept. 15. The email also said the two employees accessed the account information from Shopify’s “Orders API, which lets merchants process orders on behalf of their customers.”
The email stated that the last four digits of customers’ payment card were taken, TechCrunch reported.
The merchant also said Shopify’s email noted the number of customer records accessed from their shop — 4,900 of the seller’s 1.3 million customers — but not the overall number for all of the Shopify-hosted shops.
Among the other merchants reportedly involved in the Shopify data breach is Kylie Cosmetics, the eponymous brand of Kylie Jenner.
Business Insider reported that the makeup business informed its customers their data, including parts of their credit card numbers, might have been accessed illegally.
“We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product,” the Shopify announcement said. “To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”
The company has not released any additional information or updates through its website or to the news media since the Sept. 22 announcement.
Are you a merchant who sells your items through Shopify? Have you ever shopped online from a Shopify retailer? Tell us about it in the comment section below.
Read About More Class Action Lawsuits & Class Action Settlements:
Warner Music Group Faces Class Action Lawsuit Over Data Breach
Claire’s Class Action Lawsuit Filed Over Data Breach
Sex Trafficking Survivor Appointed to U.S. Advisory Council on Human Trafficking
21 thoughts onShopify Data Breach Affects Dozens of Merchants
Please add me
Add me
Please add me.
Add me please
Add me. They purposely messed up my store’s script so customers can’t check out and I wont be able to see the LIVE VIEW. Abandoned Check out stopped working as well. They are scamming and redirecting prospect buyers to Sellers that are paying Marketing Ads.
Out website is beblemishfree.com
Hello,
Spotify is constantly charging for items and/or music subscriptions that dont exist, to-date iI’ve been charged five different times and have nothing to show for those charges
Please add me …
Thank you
it’s SHOPIFY not Spotify.
Shopify did the Same with me!!
PLEASE ADD ME!!!!!!
Add me
Please add me.
Please add me.
I have ordered from shopify a little before last Christmas they took the payments from my credit card for two big bean bag couches said they were delivered even the post office said they were delivered but never received nothing I just gave up on the whole matter so if I could be included all of the information is on my PayPal account
your issue is not with Shopify but with one of their Sellers. Contact the store, however i doubt you will win if you filed a dispute with Paypal.