Kathmandu hacked: Retailer admits personal and payment data may have been leaked over a month ago
Wednesday, March 13, 2019/
Outdoor-gear retailer Kathmandu has only “very recently” become aware of a hack which may have leaked the personal and payment information of its customers over a month ago.
Kathmandu said this morning it suffered a security breach between January 8 and February 12 where an unidentified third party gained access to the Kathmandu website platform, gaining access to details customers enter at checkout.
A spokesperson for the retailer said it became aware of the hack “very recently” but would not go into further detail when asked.
In a statement circulated through the ASX on Wednesday, the retailer admitted it still hasn’t confirmed which of its customers have been affected but is notifying potential victims.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement posted to the ASX.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
An investigation involving “leading external IT and cybersecurity consultants” is underway, but the retailer said its wider IT environment, which includes all Kathmandu physical stores, was not affected by the breach.
Kathmandu is just the latest retailer to admit to leaking customer information in the last 12 months.
Globally, brands such as Macy’s, Adidas, Sears, Kmart (US), Best Buy, Saks Fifth Avenue, Under Armour, Forever 21, Whole Foods and EB Games owner Gamestop all admitted to data breaches in 2018.
Locally, Woolworths’ Big W gave away customer details last year in an apparent printer mishap.
In recent years, hackers have targeted retail companies as lucrative sources of up-to-date consumer information, which experts say is then used to target people with various scams.
Research released earlier this year by the Information Commissioner revealed there were 262 data breaches between October and December last year.
Be honest about your situation: How vulnerability helps businesses thrive Sue Parker DARE Group founder
Own it: The 10 things you need to do to manage your personal brand Lisa Stephenson Who Am I Projects founder
Six invaluable lessons: What 20 years in aged care taught me about being an entrepreneur Natasha Chadwick NewDirection Care founder
An entrepreneurial superpower: Eight tips to help develop resilience Adala Bolto ZADI Training co-founder
Going through a lull? Five areas you should invest in when sales drop Tamara Alaveras and Sonia Majkic 3 Phase Marketing co-founders
Stop telling us how busy you are, it's boring and charmless Ian Whitworth Scene Change co-founder
Blandification™ and the state of modern branding Jeffrey Oley The Offices co-founder
Why you should find the right role for the right person — not the other way around Bruce Stronge Outfit founder