Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees.
The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants).
Shopify estimated the number of stores that might be affected by the employees' actions at less than 200. The company boasted more than one million registered merchants in its latest quarterly filings.
The e-commerce giant said the incident is not the result of a vulnerability in its platform but the actions of rogue employees.
"We immediately terminated these individuals' access to our Shopify network and referred the incident to law enforcement," the company said in a prepared statement. "We are currently working with the FBI and other international agencies in their investigation of these criminal acts."
An investigation into the security breach is still in its early phases. Shopify promised to notify impacted merchants and customers as relevant.
The transaction data that the rogue employees might have gained access to includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased.
Shopify said payment card numbers or other sensitive personal or financial information was not included in the data the staffers could have accessed.
Another incident caused by malicious insiders
The incident disclosed by Shopify is the third incident of a "malicious insider" in the past month. Instacart and Tesla acknowledged similar incidents last month.
Instacart said two employees working for a company providing tech support services for Instacart shoppers "may have reviewed more shopper profiles than was necessary in their roles as support agents." The company had to notify 2,180 shoppers as a result of this breach.