Shopify (NYSE:SHOP) revealed on an online discussion forum that customer data was exposed when "two rogue members" of the company's support team were "engaged in a scheme to obtain customer transactional records of certain merchants." The individuals accessed the records of fewer than 200 merchants before the incident was exposed.
When the breach was discovered, the offending employees were immediately locked out of Shopify's network and the information was turned over to the Federal Bureau of Investigation (FBI) and the Royal Canadian Mounted Police.
The data exposed included basic contact information, including email, customer names, addresses, and the products purchased. On a positive note, however, Shopify said the individuals were not able to gain access to complete credit card numbers or "other sensitive personal or financial information." At this point, there's no indication that the customer information was being used, but Shopify said that they were still in the early stages of the investigation.
The e-commerce leader was quick to point out that the "incident was not the result of a technical vulnerability in our platform," and that the "vast majority" of its more than 1 million merchants were unaffected.
Shopify also disclosed that it had already notified all the affected merchants and was working with them to address the issue.
The company has experienced massive adoption of its platform by merchants since the onset of the pandemic, with the number of stores growing by 71% year over year in the second quarter alone. That has translated into significant sales growth, as revenue climbed 97% and gross merchandise volume soared 119%.
So far this year, Shopify stock has gained nearly 137%.