1. What happened/how did this happen?

     

    According to Shopify’s reports, two rogue support agents had been engaged in a scheme to access customer information from merchants without authorization. The individuals' access was immediately revoked, and the incident was promptly reported to law enforcement. Following Shopify’s discovery of this incident in September 2020, Shopify informed BH Cosmetics that we were not affected. Later in December 2020, the platform uncovered new evidence that BH Cosmetics’ customer data was in fact affected, and recently notified us.
    BH Cosmetics was not the only company impacted by this incident. Because of that, you may have received earlier notifications from other companies you’ve shopped online with that also use the Shopify platform. Because Shopify did not inform BH Cosmetics that we were affected until recently, you are just hearing from us now

     

     

  2. What information was affected?

     

    The personal information involved could have included your name, mailing or billing address, email address, phone number, information about the BH Cosmetics items purchased, and discounts applied.
    Shopify has informed us that the data does not include complete payment or credit card numbers or other sensitive personal or financial information.

     

     

  3. What actions have been taken in response?

     

    Shopify has informed us that they have suspended the individuals’ access to their network, notified law enforcement, and engaged a third party digital forensics firm to conduct an independent investigation. Shopify’s investigation is ongoing.

     

     

  4. What if I have more questions about this incident?

     

    Shopify’s public announcement of the incident is available here.

     

     

  5. I am a BH Cosmetics customer, why did I not receive an email notification?

     

    BH Cosmetics is notifying customers where required by law. We are not aware of any misuse of your personal information as a result of this incident, and it is unlikely that the type of information involved could be used for fraud or identity theft.

     

     

    Have a question? Email our team at support@bhcosmetics.com