Kylie Jenner’s make-up company has notified users of a security breach that might’ve compromised their data, including names, addresses, and the last four digits of their credit cards.
The blunder was only partially the fault of Kylie Cosmetics, though. In fact, Shopify has clarified the breach stems from two “rogue” employees from its support team, who nipped customer data from over 100 sellers (or “less than 200” in Shopify’s own words) on the platform. Jenner’s company was among the list of exploited sellers, BBC reports.
Ironically, Kylie Cosmetics is already tempting customers to continue shopping from its Shopify-powered site, assuring them the issue has since been resolved.
“Your trust is so important to us,” the company said in an email to customers. “And we wanted to let you know we’re working diligently with Shopify to get additional information about this incident and their investigation and response to this matter.”
“Shopify has assured us that they have implemented additional controls designed to help prevent this type of incident from recurring in the future,” the statement continued.
Shopify first disclosed the breach a week ago on September 22. In a blog post, the company said the two employees had been “immediately terminated” and the case had been “referred the incident to law enforcement.”
“While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant,” the company added at the time.