Two Shopify employees stole data from over 100 merchants, possibly exposing data from consumers who shopped on web stores using the company’s eCommerce software, according to the company, Bloomberg reported.
Shopify described the two members as “rogue” in a company blog post, which made note that less than 200 merchants were affected. Shopify fired the employees in question, and the company has begun working with the FBI in order to investigate the “criminal acts.”
“This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected,” the post stated.
Stores that were affected could have had consumer data exposed, including email addresses, names, addresses and other pertinent information, according to the post. Shopify confirmed that complete card information and other sensitive personal financial information weren’t part of the scheme.
The breach took place Sept. 15, according to an email sent by 100% Pure, a cosmetics retailer using the Shopify platform, Bloomberg reported. Ric Kostick CEO of 100% Pure, said in the email that the company’s “top priority right now is to ensure that the safety and security of their data are protected,” per Bloomberg. “We are carefully evaluating the extent of this incident with Shopify and will take all necessary and immediate actions to prevent this from happening again.”
Shopify, which went public in 2015, has seen a surge in activity since then, as the pandemic has forced retailers to shift to digital.
In the second quarter of this year, Shopify reported a $714.3 million revenue haul, an increase of 97 percent from last year. Gross merchandise volume increased 119 percent, with particular swells in April and May.
According to the company, store creations on the platform grew 71 percent due to the overall shift to digital. The company’s own free-trial expansion from 14 days to 90 days also helped matters, it said, although that offer ended May 3.