Kathmandu hacked: Retailer admits personal and payment data may have been leaked over a month ago
Wednesday, March 13, 2019/
Outdoor-gear retailer Kathmandu has only “very recently” become aware of a hack which may have leaked the personal and payment information of its customers over a month ago.
Kathmandu said this morning it suffered a security breach between January 8 and February 12 where an unidentified third party gained access to the Kathmandu website platform, gaining access to details customers enter at checkout.
A spokesperson for the retailer said it became aware of the hack “very recently” but would not go into further detail when asked.
In a statement circulated through the ASX on Wednesday, the retailer admitted it still hasn’t confirmed which of its customers have been affected but is notifying potential victims.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement posted to the ASX.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
An investigation involving “leading external IT and cybersecurity consultants” is underway, but the retailer said its wider IT environment, which includes all Kathmandu physical stores, was not affected by the breach.
Kathmandu is just the latest retailer to admit to leaking customer information in the last 12 months.
Globally, brands such as Macy’s, Adidas, Sears, Kmart (US), Best Buy, Saks Fifth Avenue, Under Armour, Forever 21, Whole Foods and EB Games owner Gamestop all admitted to data breaches in 2018.
Locally, Woolworths’ Big W gave away customer details last year in an apparent printer mishap.
In recent years, hackers have targeted retail companies as lucrative sources of up-to-date consumer information, which experts say is then used to target people with various scams.
Research released earlier this year by the Information Commissioner revealed there were 262 data breaches between October and December last year.
Amantha Imber runs a successful business — but she still has impostor syndrome Amantha Imber Inventium founder
Social media isn't about numbers, it's about connection Carlii Lyon Carlii Lyon PR founder
"My early decisions were rooted in fear": How good hires can set small business owners free Nancy Youssef Classic Finance founder
"No staff turnover": Business success hinges on a thriving company culture David Fazio Mate co-founder
Five ways to mentally prepare for the brutal capital-raising process Stacey Fisher Minnow Designs co-owner
In the age of online shopping, it's retail staff that make or break businesses Cal Doggett Properties & Pathways director