Outdoor-gear retailer Kathmandu has only “very recently” become aware of a hack which may have leaked the personal and payment information of its customers over a month ago.
Kathmandu said this morning it suffered a security breach between January 8 and February 12 where an unidentified third party gained access to the Kathmandu website platform, gaining access to details customers enter at checkout.
A spokesperson for the retailer said it became aware of the hack “very recently” but would not go into further detail when asked.
In a statement circulated through the ASX on Wednesday, the retailer admitted it still hasn’t confirmed which of its customers have been affected but is notifying potential victims.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement posted to the ASX.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
An investigation involving “leading external IT and cybersecurity consultants” is underway, but the retailer said its wider IT environment, which includes all Kathmandu physical stores, was not affected by the breach.
Kathmandu is just the latest retailer to admit to leaking customer information in the last 12 months.
Globally, brands such as Macy’s, Adidas, Sears, Kmart (US), Best Buy, Saks Fifth Avenue, Under Armour, Forever 21, Whole Foods and EB Games owner Gamestop all admitted to data breaches in 2018.
Locally, Woolworths’ Big W gave away customer details last year in an apparent printer mishap.
In recent years, hackers have targeted retail companies as lucrative sources of up-to-date consumer information, which experts say is then used to target people with various scams.
Research released earlier this year by the Information Commissioner revealed there were 262 data breaches between October and December last year.