Toronto-based Shopify says that two rogue employees are behind a data breach that has affected less than 200 merchants on its platform.
“Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants,” Shopify outlined in a blog post.
The company says that customer data from affected merchants may have been exposed, and that it’s working with law enforcement regarding the breach.
The customer data that could have potentially been exposed includes basic contact information, such as emails, names, addresses and order details.
Shopify says that payment card details and other sensitive personal information have not been exposed. It’s currently unknown how many customers may have been affected.
“While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant,” Shopify notes.
Shopify has said that the breach was not the result of any vulnerabilities in its platform. It says that the vast majority of merchants using Shopify are not affected. It’s worth noting that Shopify has more than a million merchants on its platform.