[BreachExchange] Fears customer data could have been stolen in Kathmandu data breach

Destry Winant destry at riskbasedsecurity.com
Thu Mar 14 08:08:33 EDT 2019


Outdoor retailer Kathmandu is urgently investigating a month-long data
breach where an unidentified party may have stolen sensitive customer

The New Zealand-based, ASX-listed company said in a statement the
breach occurred between January 8 and February 12. Kathmandu said the
online store “is and remains secure” and it’s working with IT and
cybersecurity consultants to uncover how the breach occurred and
identify the customers impacted.

“Whilst the independent forensic investigation is ongoing, we are
notifying customers and relevant authorities as soon as practicable,”
Chief Executive Xavier Simonet said in the statement.

“As a company, Kathmandu takes the privacy of customer data extremely
seriously and we unreservedly apologise to any customers who may have
been impacted.”

Kathmandu said it is notifying the relevant privacy and law
enforcement agencies.

The latest reports from the business risk industry consistently rank
cybersecurity attacks and data breaches amongst the threat business
executives most fear.

The World Economic Forum’s Global Risks Report has ranked both events
in the top five most likely to impact businesses for the last two
years in a row.

More information about the BreachExchange mailing list