Shopify Inc. said two employees stole data from more than 100 merchants, potentially exposing the personal information of consumers who shopped on web stores that use the company’s e-commerce software.
“Rogue members” of Shopify’s support team were involved in a scheme to obtain customer transactional records from some of the merchants, the company said in a blog post that noted fewer than 200 sellers were affected.
Customer transaction records from some of the merchants were obtained by hackers on Sept. 15, according to an email sent to customers by 100% Pure, a cosmetics retailer that uses the Shopify platform.
Shopify terminated these two employees’ access to its network and the company is working with the Federal Bureau of Investigation and other international agencies that are investigating what it called “criminal acts.” Shopify shares slipped more than 1% in extended trading on Tuesday.
Shopify sells subscription software to help merchants run online stores. The Ottawa-based company has had a dizzying rise since going public in 2015. The coronavirus pandemic has boosted growth even more as lockdowns pushed more retailers online. It is now the most valuable Canadian company on public markets.
Article content continued
Last year, a security researcher found a bug in Shopify’s software code that could have exposed revenue information for thousands of online stores.