Kathmandu online store hacked in a month-long breach

Giulio Saggin
Giulio Saggin
Tuesday, 28 November 2023

Kathmandu has announced it suffered a data breach that saw customers' personal and payments information captured, including billing and shipping name, address, email and phone number. Credit and debit card details used on the Kathmandu website were also accessed. The breach took place between January 8 and February 12, 2019, after "an unidentified third party gained unauthorised access to the Kathmandu web platform." The company told the ASX: "During this period, the third party may have captured personal information and payment details entered at check-out". They couldn't say how many customers were affected. “Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” said Kathmandu CEO, Xavier Simonet. “As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.” Kathmandu is now working closely with cyber security specialists in order to investigate the incident, and the breach has been reported to the Australian Cyber Crime Online Reporting Network and the New Zealand police.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203