Shopify says it has terminated two “rogue” employees who were involved in a scheme to steal customer information from some of the company’s merchants.
The Ottawa-based technology company says fewer than 200 merchants were included in the breach, but that an unknown number of customers of those merchants may have had their information stolen.
The information stolen includes basic things such as names and email addresses, as well as data about what products they purchased, but did not include financial information such as credit card or banking details.
“We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement,” the company said.
“We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.”
The company stressed that the breach was not the result of some sort of technical vulnerability, and that the vast majority of the company’s one million merchants and the customers who shop from them online were not affected. Any affected merchants have been notified.
“We don’t take these events lightly at Shopify,” the company said. “We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”
Shares in the company fell 1.6 per cent on Tuesday in extended trading on a down day for markets overall.
The company’s shares have more than doubled in value this year, as the company is one of numerous tech names whose business has boomed during the pandemic because of higher demand for online services.