Shopify data breach hits Kylie Jenner make-up firm


Customers of Kylie Jenner’s make-up company have been warned that their personal data could have been compromised following a data breach at ecommerce platform Shopify.

Blame for the event has been laid on a pair of ‘rogue’ Shopify staff members, who allegedly stole order records from Kylie Cosmetics. The theft is estimated to have targeted at least 100 sellers operating on the Shopify platform.

According to the Canadian e-commerce company, the issue occurred on September 23 and could have exposed the names of customers along with email and postal addresses. Shopify has also identified some customer credit card data as being at risk, with the last four digits of cards potentially exposed. However, it claims full payment details were not compromised in the breach.

Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected. The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.

Data breach

"Insider threat is a very real issue that gets little attention," noted Lamar Bailey, senior director of security at Tripwire. "Support engineers are often an entry-level job so it is easier for someone to infiltrate the organization at this level. A bad actor looking to gain company data can easily use a fake identity to secure a job then use this position as a launching point for gathering data to sell on the black market.

"It is imperative that organizations have security controls in place for users, access, and file monitoring to look for employees accessing systems, code, or data they do not need access to. A stance of least privilege for everyone is the best policy. With the current industry skills gap, organizations may not be as diligent validating the background of new employees."

Rob Clymo