Shopify has reported a security incident where two of its rouge employees from the support department have accessed PII of few stores. Shopify said the breach was immediately contained by restricting access of those employees to the network and said less than 200 merchant stores were affected by this. It claims to have informed the concerned merchants.
Shopify Disclosed an Internal Data Breach
Shopify is an e-commerce giant providing tools for making online shopping sites. It reports having over one million registered merchants who serve hundreds of millions of customers daily. The company has disclosed a data breach incident yesterday, where it referred two of its employees as rouge.
Shopify said that two employees from its support department have allegedly accessed the personal information of a few merchants. Realizing the breach, it immediately terminated the access of these employees to the network and informed law enforcement. Shopify said that less than 200 merchants’ stores were affected by this incident.
While there’s a hint on exploiting the accessed data yet, Shopify said the data accessed by those two employees were the “basic contact information such as email, name, and address, as well as order details, like products and services purchased.“. It assured that no payment card numbers or financial information were part of this incident.
While it reported informing all the concerned merchants involved in this incident, a question posted by a person in the comment of this notification says the Shopify has contacted the merchants already. It said,
“We don’t take these events lightly at Shopify. We have zero-tolerance for platform abuse and will take action to preserve the confidentiality of our community and the integrity of our product.”