Kathmandu hacked: Retailer admits personal and payment data may have been leaked over a month ago
Wednesday, March 13, 2019/
Outdoor-gear retailer Kathmandu has only “very recently” become aware of a hack which may have leaked the personal and payment information of its customers over a month ago.
Kathmandu said this morning it suffered a security breach between January 8 and February 12 where an unidentified third party gained access to the Kathmandu website platform, gaining access to details customers enter at checkout.
A spokesperson for the retailer said it became aware of the hack “very recently” but would not go into further detail when asked.
In a statement circulated through the ASX on Wednesday, the retailer admitted it still hasn’t confirmed which of its customers have been affected but is notifying potential victims.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement posted to the ASX.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
An investigation involving “leading external IT and cybersecurity consultants” is underway, but the retailer said its wider IT environment, which includes all Kathmandu physical stores, was not affected by the breach.
Kathmandu is just the latest retailer to admit to leaking customer information in the last 12 months.
Globally, brands such as Macy’s, Adidas, Sears, Kmart (US), Best Buy, Saks Fifth Avenue, Under Armour, Forever 21, Whole Foods and EB Games owner Gamestop all admitted to data breaches in 2018.
Locally, Woolworths’ Big W gave away customer details last year in an apparent printer mishap.
In recent years, hackers have targeted retail companies as lucrative sources of up-to-date consumer information, which experts say is then used to target people with various scams.
Research released earlier this year by the Information Commissioner revealed there were 262 data breaches between October and December last year.
All that glitters is not gold: The upsurge of paid followers and engagement on LinkedIn Sue Parker DARE Group founder
Webcams and monitored bathroom breaks: Why employee monitoring is counter-productive Ian Whitworth Scene Change co-founder
Locked and uploaded: How to take bricks-and-mortar stores digital with video Michael Langdon Levity director
Why retailers have no idea about the future Dean Salakas The Party People chief
There's only one way to attract and retain millennial talent — but it'll cost you a few bricks Lauren Lowe Future Fitouts co-founder
Advice for going green, from one chief executive to another James Chin Moody Sendle co-founder