According to Shopify, the two employees used their permissions to access customer transactional records from some merchants. The company says less than 200 merchants are impacted by the incident and they have all been notified.
The exposed merchant customer data included name, email address, physical address, and order details (e.g. products and services purchased), but payment card or other financial information were not impacted.
