+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Kylie Jenner's cosmetics company was affected by the Shopify data breach, where 'rogue' staff members may have exposed customer details

Sep 30, 2020, 23:59 IST
Business Insider
REUTERS/Kevork Djansezian
  • Kylie Jenner’s cosmetics company confirmed that it was one of the companies affected by the Shopify data breach earlier this month.
  • Two Shopify employees may have exposed customer contact and order details from 200 merchants, Shopify said on September 23.
  • Kylie Cosmetics said it was “deeply disappointed” to learn that the breach affected its customers, but remains “confident” that customers can still use its site.
Advertisement

Kylie Jenner's makeup company has warned customers that their data — including parts of their credit card numbers — may have been exposed in a Shopify security breach.

Two "rogue" Shopify staff members stole order records and may have exposed customers' names, email and postal addresses, and order details from less than 200 merchants, the Canadian e-commerce giant said on September 23. Kylie Cosmetics was among those affected, the beauty brand announced on its website.

The breach may have compromised the last four digits of some customers' credit card numbers, Kylie Cosmetics said in an email first reported by TMZ on September 29 but confirmed that full payment details weren't accessed.

The cosmetics company, which uses Shopify for its online transactions, said it was "deeply disappointed" to learn that the breach affected its customers.

Kylie Cosmetics launched an investigation into the incident, it said, and was working closely with Shopify to get additional information.

Advertisement

Kylie Cosmetics was working to identify which transactions may have been affected, the company added and said it would inform affected customers.

On September 23, Shopify said there was no evidence that the data had been used, but that it was still in the "early stages" of its investigation. The company was working with the FBI, other international crime agencies, and a digital forensics firm, it said.

The theft wasn't caused by any "technical vulnerability" in the platform, it said, describing the employees as two "rogue" members of its support team.

The company immediately terminated the employees' access to the Shopify network and referred the incident to law enforcement, it said.

The incident took place between August 15 and September 15, the company said.

Advertisement

When contacted by Business Insider, Shopify referred to its earlier statement from September 23, which read: "We don't take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product."

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article