Tuesday, September 22, 2020
"We understand the importance of your personal information and we sincerely regret any concern this breach may cause you," 100% PURE wrote. It then provided the following information about the nature and extent of the breach:
"Customer transactional records from a small number of merchants were compromised on September 15, 2020," 100% PURE wrote. "Shopify promptly opened an investigation, with the assistance of outside forensic experts to determine the cause and scope of the compromise. The investigation determined that unauthorized individuals obtained order records."
"The incident did not impact complete credit card information, bank account information, and/or social security numbers," the company wrote. "Shopify has determined, however, that the information obtained may include: name, telephone number, email address, shipping and billing addresses, purchase history and the last 4 digits of the credit card."
"100% PURE™ is notifying you out of an abundance of caution," 100% PURE statesd. "Shopify has assured us and you of its commitment to prevent future data comprises; it already implemented several changes to better protect your data. Their teams were able to quickly identify the vulnerability associated with this incident and took swift action to resolve it."
The company went on to say that because "no complete payment card numbers or other sensitive information were exposed, the likelihood of identity theft resulting in fraudulent transactions is low." The company also stated it takes the privacy and security of consumers' personal data seriously and encouraged customers with question to reach out to its customer service team at 1-844-787-3100 or customerservice@100percentpure.com .
As of 2 p.m. PDT on Sept. 22, an internet search found no mention of this data breach. The Green Sheet will follow this story to ascertain whether it affects more retailers and consumers than initially appears.
At 3:59 p.m. (time zone not given) on Sept. 22, Shopify verified on a Shopify community web page that an "incident" had occurred involving rogue members of the company's support staff and not a network vulnerability.
Following is the text of Shopfy's notice:
"Recently, Shopify became aware of an incident involving the data of less than 200 merchants. We immediately launched an investigation to identify the issue--and impact--so we could take action and notify the affected merchants.
"Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.
"This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected. However, those whose stores were illegitimately accessed may have had customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.
"Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.
"To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day." 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
