Shopify (SHOP) has found itself embroiled in a scheme that may have been undertaken by two “rogue members of its support team” to steal customer data from about 200 merchants.

While the shopping platform immediately terminated the employees’ access to its network, the workers had obtained customer transactional records, including email, name, address, and order details.

Shopify said in a message board post, “While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.”

The company said that payment card numbers or other sensitive personal or financial information were not involved in the criminal incident.

Shopify maintained that its platform is secure, and the majority of merchants on the site were not affected by the data breach. Those impacted by the incident include less than 200 of Shopify’s more than 1 million sellers.

“Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns,” the company said. “We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”

The incident was referred to law enforcement, and Shopify is currently working with the FBI and other international agencies in an investigation of the incident.

Shares of Shopify were trading at $940.73 as of 1:42 p.m. EDT, down $13.52 or 1.42%.

Credit Cards A phishing scam asked PayPal users to take a selfie with their credit card and identification. Photo: Petr Kratochvil