Insiders in Shopify and patients records leaked by an employee

4000 patients records appeared to be exposed over the past few years. The employee working at the Montefiore Medical Center was terminated due to the security breach.

The exposure was detected in July by the medical center which claimed that the patients’ data was compromised from January 2017 to July 2020. Dates of birth, addresses, Social Security numbers were open for unauthorised use.

On Friday the hospital started to inform its patients about the personal data theft which impacted about 4000 patient records, and dismissed the employee allegedly responsible for the breach.

Montefiore management says that a monitoring solution helped the center discover access violations. The medical center is going to further boost its monitoring measures and provide the staff with training programs. Patients will benefit from identity recovery services, monitoring and insurance policy issued to offset the damage caused by the breach.

Two employees of Shopify are said to have stolen the records belonging to nearly 200 merchants. The insiders attempted to take transaction information which included contact details (emails, names, addresses) and purchasing data (what was purchased). So far it has been reported that no payment data was compromised.

The e-commerce platform claimed to have informed the impacted stores, though didn’t mention who exactly got affected.

The staffers’ access to the corporate network was denied as soon as the violation was detected. Shopify fairly admitted to having no technical issues due to which the leakage could occur, pointing at an internal source of fraud.

Federal Bureau of Investigation is helping Shopify conduct the investigation.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.