In late January 2019, the Organization discovered that a malicious code had been uploaded onto its Shopify e-platform in order to scrape credit card numbers and other personal information. The Organization determined that the malicious code was operating between November 11, 2016 and February 16, 2017. The Organization?s investigation determined that an unauthorized third party may have compromised the credentials of an employee?s account in order to access the platform, and insert the malicious code. The Organization can not rule out the possibility that the malicious code could have successfully scraped customer information. The Organization confirmed that a new security feature added to its e-commerce platform on February 16, 2017 prevented the code from functioning after that date.