Canadian multinational e-commerce company Shopify has confirmed a data breach.
While the incident wasn't caused by a bug or a hacker, the e-commerce platform experienced a breach known as "insider threats".
In its case, two “rogue” employees working as its support team, managed to steal customer data from “less than 200 merchants.”
In its investigation, the two employees, who have since been fired, were “engaged in a scheme to obtain customer transactional records of certain merchants.”
In its announcement, the online shopping site said that:
The breach was said to have happened back in September 15.
The two employees managed to steal the data using Shopify’s Orders API, which allows merchants to process orders on behalf of their customers.
While the data was stolen, Shopify has no evidence to suggest that the data was used. But the company has notified affected merchants about this incident.
Shopify also said it had referred the matter to the FBI.
"We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts," the company stated in the statement.
"We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product."
"To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day."