Kathmandu security breach may have captured customer data

Marco Green
March 15, 2019

Kathmandu issued an ASX statement on Wednesday notifying authorities of a security incident that has reportedly put its online trading websites in a position of vulnerability. It is also working closely with leading external IT and cybersecurity consultants to investigate the incident and to find out the customers who may have been impacted.

Information that may have been accessed includes billing and shipping addresses, email addresses, phone numbers, credit and debit card details, customer loyalty club usernames and passwords, and delivery instructions.

Simonet added that the business is now in the process of notifying the relevant privacy and law enforcement agencies.

Kathmandu's wider IT environment, including its bricks-and-mortar stores, has not been affected by the security breach.

A Kathmandu spokesperson told IR that the business is now investigating how many customers are affected by the breach, but that it remains an ongoing process.

Kathmandu spokeswoman Helen McCombie said the company took immediate steps to secure the data as soon as it became aware of the breach. "As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologize to any customers who may have been impacted", said Xavier Simonet, Chief Executive Officer of Kathmandu.

"If you used another credit or debit card on our site between 8 January 2019 and 12 February 2019, we recommend that you review and continue to monitor your financial and payment card account statements for any discrepancies or unusual activity".

While Kathmandu did not reveal how many consumers might be affected by the breach, it confirmed it would notify potentially impacted customers directly.

Other reports by Click Lancashire

Discuss This Article