Kathmandu online store hacked in a month-long breach
Kathmandu has announced it suffered a data breach that saw customers' personal and payments information captured, including billing and shipping name, address, email and phone number. Credit and debit card details used on the Kathmandu website were also accessed.
The breach took place between January 8 and February 12, 2019, after "an unidentified third party gained unauthorised access to the Kathmandu web platform."
The company told the ASX: "During this period, the third party may have captured personal information and payment details entered at check-out". They couldn't say how many customers were affected.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” said Kathmandu CEO, Xavier Simonet. “As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
Kathmandu is now working closely with cyber security specialists in order to investigate the incident, and the breach has been reported to the Australian Cyber Crime Online Reporting Network and the New Zealand police.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.