A California man was indicted in the United States District Court for the Central District of California for allegedly stealing Shopify customer data with the help of two members of the Shopify support team.

The man, Tassilo Heinrich, allegedly paid two Shopify support team members to illicitly provide sensitive data from merchants who used the company’s payment processing platform.

Based on the Grand Jury indictment, the two Shopify support team members appear to be employees of one or more third-party contractors who abused their access rights on Shopify’s internal network.

One member apparently resides in the Philippines and the other in Portugal. Neither is named as a defendant in the indictment.

While the indictment doesn’t specify exactly when the fraud started, it includes a long list of actions and communications dating back to May 2019. It is also unclear what the defendant did with the stolen data, but he allegedly paid the two contractors money to obtain this information.

In addition to allegedly stealing data from Shopify merchants and customers, the fraud apparently also included setting up fake Shopify stores that mimicked real merchant stores in order to collect personal data.

Last year, FakeSpot claimed that over 20 percent of Shopify-powered stores posed a risk to shoppers as some only existed to collect personal data.

Shopify Data Theft Includes High-Profile Store

Shopify acknowledged the original theft in late 2020 and said that it involved fewer than 200 merchants and that it was cooperating with the FBI and other international agencies.

“This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.”

One of the affected Shopify merchants appeared to be Kylie Cosmetics, a high-profile cosmetics company founded by Kylie Jenner in 2014, the BBC reported.

At that time, Kylie Cosmetics notified its customers that it was confident shoppers could continue to buy on its Shopify-powered store, as the company had implemented additional controls to prevent this kind of incident from recurring.

The February indictment was first reported by TechCrunch this week. Here is a link to the indictment details.
