ClearTips has indicted a grand jury California resident accused of stealing Shopify customer data on more than one hundred merchants.
The indictment accused Tacillo Heinrich of stealing customer and customer data from Shopify to gain a competitive edge to customer support agents who conspired to commit wire fraud with serious identity theft and two frauds. “Trade Away From Those Merchants,” the indictment. Reads. Heinrich is also accused in the indictment, believed to be about 18 years old at the time of the alleged scheme, selling data to other co-conspirators to commit fraud.
The person with direct knowledge of the security breach was referred to the victim’s unknown company in Shopify’s confirmation.
Last September, Shopify, an online e-commerce platform for small businesses, revealed a data breach by two “rogue members” of its third-party customer support team that targeted “at least 200 merchants”. Shopiz said he fired two merchants for engaging in “plans to obtain customer transaction records of certain merchants”.
Shopify said the contractors stole customer data, including names, mailing addresses, and order details, such as products and services that were purchased. A merchant who received a data breech notice from Shopify said that the last four digits of the affected customers’ payment cards were also taken, which confirms the indictment.
One of the victims, Kylie Jenner’s cosmetics and makeup company, Kylie Cosmetics, told the BBC.
The indictment accused Heinrich of having an employee of a third-party customer support company in the Philippines take screenshots to access parts of Shopis’ internal network or upload data to Google Drive in exchange for a kickbox. Heinrich paid the employee thousands of dollars worth of cryptocurrencies, and also claimed fake positive reviews to be from merchants whom the employee had provided customer service to, but did not leave a response. The indictment alleged that Heinrich received a year’s worth of data from some merchants.
Heinrich reportedly spent at least a year to increase the amount of data from Shopify’s internal network, at one point asking if they could “remotely access” a sleeping customer support employee’s computer Huh.
In a brief statement, Shopify spokesman Rebecca Feigelssohn said: “Shopify collaborated with the FBI to investigate the incident involving the data of a small number of our merchants in September 2020. As previously stated, Criminals have no business with Shopify. Because there is an active criminal investigation, we are unable to provide further comment at this time. “
Heinrich was arrested by the FBI in February at Los Angeles International Airport and is currently detained in a lawsuit pending federal custody, scheduled to begin September 7. Heinrich pleads not guilty.
Updated with comment from Shopify.