Two "rogue members" of e-commerce group Shopify attempted to steal customer information from merchants and may have exposed the data, the online payment platform says.
Shopify said it had fired the two workers and added that fewer than 200 online traders, who Shopify has notified, were affected by the data breach, but that an unidentified number of clients may have had their data compromised.
The breach included names, mailing addresses and details about what products were bought. Over a million merchants use Shopify to sell their products on the internet.
Shopify said there was no proof the information had been used, and that it was still in a preliminary phase of its probe. The company is working with the U.S. Federal Bureau of Investigation and other international crime organizations, it said.
So far, the investigation showed that the two rogue employees were involved in "a scheme to gather customer transactional records of certain merchants," TechCrunch quoted a blog post as saying.
"We have immediately terminated these persons' access to our network and referred the incident to law enforcement agencies," Shopify said according to a CBC News report.
According to an email sent by 100% Pure, a skincare cosmetics seller that uses the Shopify platform, hackers stole the company's information Sept. 15, Bloomberg News reported.
Shopify didn't provide any details on how many clients were affected by the data breach, but an email sent by the Canada multinational contained the exact number of records lost. In one merchant's case, over 1.3 million customer records, and more than 4,900 were accessed, TechCrunch said.
Shopify's share price has more than doubled this year as a result of increasing demand for online products.
