itb-nz logo
Story image

Kathmandu breached, customer information accessed

14 Mar 2019

Outdoor equipment retailer Kathmandu has suffered a data breach which gave a third party access to customer information for a month.

In a statement on its investor relations site, Kathmandu says it is urgently investigating a security incident with its online trading websites.

Kathmandu recently became aware that between January 8, 2019, and February 12, 2019, an unidentified third party gained unauthorised access to the Kathmandu website platform.

During this period, the third party may have captured customer personal information and payment details entered at checkout.

The personal information which could have been impacted by the incident may include some or all of the following categories of information (if provided by customers):

  • billing and shipping name, address, email and phone number;

  • the credit/debit card details provided to complete the purchase;

  • Kathmandu Summit Club username and password;

  • special instructions relating to an order (including pick up/delivery details); and

  • any gift card details.

Kathmandu says it took immediate steps to confirm that the Kathmandu online store is and remains secure.

The wider IT environment including all Kathmandu physical stores were not impacted by the incident.

Since then, Kathmandu has been working closely with leading external IT and cybersecurity consultants to fully investigate the circumstances of the incident and confirm which customers may have been impacted.

Kathmandu is notifying potentially affected customers directly.

It has also notified the relevant authorities, including the Information Commissioner's Office in the UK, the Office of the Australian Information Commissioner, the New Zealand Privacy Commissioner and reported the incident to the Australian Cyber Crime Online Reporting Network and the New Zealand Police.

In a statement on its website, Kathmandu said that it’s also working alongside agencies and regulators in other jurisdictions.

Kathmandu advised any customer who believes they may have been impacted to contact their banks or credit card providers and follow their recommended advice.

“If you used an Australian issued Visa, Visa Debit or Mastercard on our site between January 8, 2019 and February 12, 2019, Visa and Mastercard may have taken steps to block your card and have it reissued. If your card has not been reissued, contact your bank for more information as soon as possible.

“If you used another credit or debit card on our site between 8 January 2019 and 12 February 2019, we recommend that you review and continue to monitor your financial and payment card account statements for any discrepancies or unusual activity. Contact your financial institution if you have any concerns.”

Kathmandu chief executive officer Xavier Simonet says, “Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable.

“Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”

Story image
Why Southeast Asia is at the forefront of a new wave of sustainable data centers
The APAC region is set to be the biggest market for data centers by 2021, with a total market size to be around US$28 billion by 2024 for colocation data centres, according to a new joint report from Digital Realty and Eco-Business. Southeast Asia is a key player in the region, representing around 13% of the region’s total market size.More
Story image
ECI Software Solutions acquired by Leonard Green & Partners
"We are excited to welcome LGP as our new partner, and I am confident that this is the right choice for our future – and the future of our 1,700 employees and more than 22,000 customers.”More
Story image
AR and VR presents huge potential for construction industry, but businesses slow to adopt
According to GlobalData, the construction industry is slowly shifting from years of the wait-and-watch stance to adopting digital technologies to improve the overall project lifecycle from conceptual design to construction.More
Story image
DevSecOps increasingly important, but APAC organisations lagging behind
The rise of DevSecOps comes at a time when IT leaders are faced with an increasingly active cyber threat landscape, coupled with higher consumer expectations of digital offerings and application usage due to a sharp increase in online activities.More
Story image
Research: NZ easy-pickings for cyber-criminals
One in ten businesses would be willing to pay $50,000-plus to retrieve ransomed data and half aren’t aware of the incoming data privacy laws.More
Story image
Voice phishing attacks on the rise, remote workers vulnerable
There is an increase in voice phishing attacks, where hackers use existing employee names in attempt to trick victims into sharing login credentials and data by phone.More