Shopify says it has fired two “rogue” employees involved in a scheme to illegitimately obtain records connected to some of its merchants.
Company spokeswoman Rebecca Feigelsohn confirmed the terminations in an email to The Canadian Press Tuesday, a day after the Ottawa-based company first revealed the data breach.
The Ottawa-based tech firm says it terminated the employees’ access to its network and referred the data breach to law enforcement.
(Sponsored)
New dean of uOttawa’s Faculty of Engineering brings a history of entrepreneurship and innovation
Caroline Cao has been impressed by many aspects of uOttawa’s Faculty of Engineering since being appointed dean in August. But it was after the faculty’s recent Design Day – a
‘Prenup of business law’: Reasonable expectations in shareholder disputes
The scenario: You’re a 60 per cent shareholder. Your business partner holds the other 40 per cent. And you’ve just found a third party who wants to buy you out.
Shopify says it doesn’t have evidence at this point in the investigation that the data was used.
It says fewer than 200 merchants whose stores were illegitimately accessed are at risk of having had their customer data exposed. This data includes basic contact information, such as email, name and address, as well as order details, like products and services purchased.
Complete payment card numbers or other sensitive personal or financial information were not involved.
Shopify, which is Canada’s most valuable company, says the incident was not the result of a technical vulnerability in its platform, and emphasized that the vast majority its customers are not affected.
“We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product,” it said in a company message board.
“To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”
