Skip to content

Shopify says two ‘rogue’ employees involved in data breach to obtain customer records

Shopify says it doesn’t have evidence at this point in the investigation that the data was used
22784100_web1_200902-RDA-Business-Markets_1
The Ottawa headquarters of Canadian e-commerce company Shopify are pictured on Wednesday, May 29, 2019. THE CANADIAN PRESS/Justin Tang

Shopify Inc. is working with the FBI after two “rogue members” of its support team engaged in a scheme to illegitimately obtain customer transactional records of some merchants.

The Ottawa-based tech firm says it terminated the employees’ access to its network and referred the data breach to law enforcement.

Shopify says it doesn’t have evidence at this point in the investigation that the data was used.

It says fewer than 200 merchants whose stores were illegitimately accessed are at risk of having had their customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased.

Complete payment card numbers or other sensitive personal or financial information were not involved.

Shopify, which is Canada’s most valuable company, says the incident was not the result of a technical vulnerability in its platform, and emphasized that the vast majority its customers are not affected.

“We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product,” it said in a company message board.

“To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”

ALSO READ: BC Liberals must change gears from election cynicism, focus on the issues, UBC professors say

The Canadian Press


Like us on Facebook and follow us on Twitter.

Want to support local journalism during the pandemic? Make a donation here.