Clothing equipment retailer hit by data breach


An outdoor clothing and equipment retailer in New Zealand has been hit by a data breach, reports reveal. 

The stockist, named Kathmandu, admitted that an intrusion took place on its systems at the start of 2019. Customer credit card details and further personal information was compromised after hackers apparently got into the firm’s IT systems in charge of online trading.

While the company does not yet know who is behind the cyber-attack, it is known that the criminal activity took place for over a month between January 8th and February 12th.

It is possible that the hackers accessed consumers’ personal details and payment information via weaknesses in the online check-out areas, Kathmandu said.

The retailer also underlined that physical outlets were untouched by the cyber-criminals. The damage was prevented from spreading thanks to the prompt action Kathmandu took in reporting the breach as soon as it was discovered. As a result, the extent of the intrusion is being calculated, and mitigating measures are being taken in the quickest time possible.

The company is currently collaborating with IT specialists both internally and externally in a full investigation of the incident and to establish the precise number of potential victims.

In a statement, Xavier Simonet, Chief Executive Officer of Kathmandu, said:

“Kathmandu has recently become aware that between 8 January 2019 NZDT and 12 February 2019 NZDT, an unidentified third party gained unauthorised access to the Kathmandu website platform.

During this period, the third party may have captured customer personal information and payment details entered at check-out.

“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable. As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”

Kathmandu is contacting potentially affected customers directly, and advises any customer who believes they may have been impacted to contact their banks or credit card providers and follow their recommended advice.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.