Source: AAP Image/Mick Tsikas.
Outdoor-gear retailer Kathmandu has only “very recently” become aware of a hack which may have leaked the personal and payment information of its customers over a month ago.
Kathmandu said this morning it suffered a security breach between January 8 and February 12 where an unidentified third party gained access to the Kathmandu website platform, gaining access to details customers enter at checkout.
A spokesperson for the retailer said it became aware of the hack “very recently” but would not go into further detail when asked.
In a statement circulated through the ASX on Wednesday, the retailer admitted it still hasn’t confirmed which of its customers have been affected but is notifying potential victims.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement posted to the ASX.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
An investigation involving “leading external IT and cybersecurity consultants” is underway, but the retailer said its wider IT environment, which includes all Kathmandu physical stores, was not affected by the breach.
Kathmandu is just the latest retailer to admit to leaking customer information in the last 12 months.
Globally, brands such as Macy’s, Adidas, Sears, Kmart (US), Best Buy, Saks Fifth Avenue, Under Armour, Forever 21, Whole Foods and EB Games owner Gamestop all admitted to data breaches in 2018.
Locally, Woolworths’ Big W gave away customer details last year in an apparent printer mishap.
In recent years, hackers have targeted retail companies as lucrative sources of up-to-date consumer information, which experts say is then used to target people with various scams.
Research released earlier this year by the Information Commissioner revealed there were 262 data breaches between October and December last year.
NOW READ: ATO warning as $800,000 stolen: Are data breaches fuelling sophisticated scams?
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.