Shopify Incident


SKIMS recently became aware of an incident suffered by our e-commerce platform, Shopify. Shopify is a publicly traded company trusted by hundreds of thousands of brands. Numerous other brands using Shopify were also impacted.

Although their investigation is ongoing, Shopify has shared that this incident involved two members of their customer support team that obtained unauthorized access to order information for numerous brands, including SKIMS.

SKIMS is committed to protecting the security of our customers’ information and was deeply disappointed to learn that Shopify’s incident included some of our customers. Upon learning about this incident, SKIMS promptly engaged Shopify to further understand what occurred.

Shopify has informed us that it engaged an outside forensic investigation firm to assist them in investigating and remediating the situation and has reported the incident to the FBI and other international agencies and are working with law enforcement in their investigation of this incident.

We recognize the importance of protecting the privacy and security of our customers’ information and we are continuing to work diligently with Shopify to get additional information about this incident and their investigation and response to this matter.

For more information from Shopify, please view their Incident Update.

Based on the information we have received from Shopify, it appears that this incident occurred between August 24 and August 26, 2020.

SKIMS was first notified by Shopify about this incident on September 15, 2020 with further information being provided on September 24, 2020.

The data involved included names, addresses, emails, products ordered, and the last four digits of the credit card of affected customers. If you entered a phone number when checking out on the SKIMS website, your phone number may have been exposed as well. Shopify has assured us that customers’ complete payment details (full card number, card expiration date and security code) and SKIMS website account passwords were not accessed.

We are working diligently with Shopify to get additional information about this incident, including working to identify which transactions may have been affected. We will share additional information with those customers whose transactions could be affected as we learn more from the investigation.

Yes. Shopify has assured us that they have implemented additional controls designed to help prevent this type of incident from recurring in the future. Based on the investigation to date, we are confident that our customers can continue to shop safely on our website. If you have any further questions you can contact us at shopify-incident@skims.com.

Yes. Shopify has informed us that it has reported the incident to the FBI and other international agencies and are working with law enforcement in their investigation of this incident.

We are working diligently with Shopify to get additional information about this incident, including working to identify which transactions may have been affected. We will share additional information with those customers whose transactions could be affected as we learn more from the investigation. As a reminder, SKIMS will never ask you for sensitive information such as your credit card number or account password via email.