Retailer probes security breach
Kathmandu Holdings is investigating a data security breach on one of its websites that lasted for about a month.
The outdoor equipment chain said it recently became aware that an unidentified third party gained access to its website platform between January 8 and February 12, and may have captured customer personal information and payment details.
The retailer is notifying customers it believes may have been affected, and is in the process of telling the relevant legal and privacy authorities.
Since discovering the breach, Kathmandu said it has confirmed the online store remains secure and that the wider IT network hasn’t been impacted.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
Kathmandu’s admission comes on the same day Parliament’s justice select committee reported back on the Privacy Bill, which will update legislation governing data breaches and empowers the Privacy Commissioner to issue compliance notices when the new law is enacted.