However, it seems that the data stolen was not due to a hack from outside forces, but rather two rogue employees. According to the company, “Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement.”
Shopify is emphasizing that the data stolen was not a result of a hack or a breach, so for the most part, the data belonging to customers are still secure, save for those who were affected by it. “This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.”
The company also notes that they have since gotten in touch with stores who were affected by this, who in turn should be notifying customers who were affected as well.