Kathmandu, an outdoor wear and equipment retailer, revealed that it suffered a data breach that disclosed its customers’ credit card and personal information. The New Zealand-based company stated that unknown intruders allegedly gained access to its online trading website for over a month between January 8, 2019, and February 12, 2019.
Kathmandu stated the hackers may have captured customer personal information and payment details entered at the check-out points. The company clarified that all Kathmandu physical stores were not impacted by the incident. As soon as Kathmandu became aware of the breach, it took immediate measures to remediate the issue. It is also working closely with leading external IT and cybersecurity consultants to investigate the incident and to find out the customers who may have been impacted.
“Kathmandu has recently become aware that between 8 January 2019 NZDT and 12 February 2019 NZDT, an unidentified third party gained unauthorised access to the Kathmandu website platform. During this period, the third party may have captured customer personal information and payment details entered at check-out,” the company said in a statement to the New Zealand Securities Exchange.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable. As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologize to any customers who may have been impacted,” said Xavier Simonet, Chief Executive Officer of Kathmandu.
Kathmandu stated that it notified potentially affected customers and urged to contact their banks or credit card providers to know any unauthorized activity in their accounts.