After laying off about 1000 employees in July, many of whom were support personnel, Shopify is reportedly filling in the gaps with outsourced contractors from TaskUs, according to Business Insider (paywall).
Shopify is stepping up its use of outsourced customer-service representatives, three workers employed in the company's support division, said...
...Many of the dozens of new contractors were hired through the digital-outsourcing company TaskUs and are in the Philippines. Shopify has previously used outsourced customer-support agents in India as well, the employees who spoke with Insider said.
The TaskUs contractors appear to be taking on roles throughout Shopify's support organization, including on "high-tiered" teams and on teams that work with Shopify Plus merchants. Plus merchants pay at least $2,000 a month for a subscription.
Shopify and TaskUs have an interesting, and possibly concerning history. They were both named as defendants in a class-action lawsuit filed in April 2022, alleging the companies were negligent in handling a 2020 data breach which impacted dozens of Shopify merchants, including Ledger, which makes cryptocurrency wallets.
Plaintiffs filed suit in the District Court for the District of Delaware against Shopify Inc. and TaskUs Inc., alleging that the companies failed to implement measures to prevent a data breach that resulted in a breach of their personal information and cryptocurrency portfolios.
The breach occurred in 2020 and affected Leger SAS cryptocurrency hardware wallets, which had contracted with third-party vendors Shopify and TaskUs to process its customers’ personal information. The breach affected 272,000 individuals’ names, email addresses, postal addresses, and phone numbers.
The complaint alleges that the affected personal information was published online. It was also alleged that some individuals were faced with physical violence or blackmail threats if they did not transfer their crypto assets to the cybercriminals, which led to millions of dollars in cryptocurrency stolen.
Shopify's message to merchants at the time didn't name TaskUS or even indicate it had been contract workers responsible, simply saying it was "two rogue members of our support team" who were then terminated.
Recently, Shopify became aware of an incident involving the data of less than 200 merchants. We immediately launched an investigation to identify the issue--and impact--so we could take action and notify the affected merchants.
Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.
This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected. However, those whose stores were illegitimately accessed may have had customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.
If you're a Shopify merchant, have you noticed changes in the quality of support? Does it concern you that Shopify is still using TaskUs for outsourced support after the data breach incident? Let us know in the comments below!