New Zealand-based outdoor clothing and equipment retailer Kathmandu Holdings has opened an investigation into a data breach with its online trading websites.
The incident happened between 8 January and 12 February this year.
According to the firm, an unidentified third party secured unauthorised access to its website platform and may have ‘captured’ customer personal information and payment details that were entered at check-out.
Kathmandu has stated it has taken immediate steps to block the hacker from accessing relevant customer information. It has also confirmed that its platform is secure and its wider IT environment, covering all Kathmandu physical stores, was not affected by this incident.
The retailer is currently working with external IT and cyber security consultants to fully investigate the events of the incident and pinpoint the impacted customers. It is also alerting relevant privacy and law enforcement agencies and potentially affected customers directly.
Customers, who believe they may have been affected, are asked to contact their banks or credit card providers.
Kathmandu Holdings chief executive officer Xavier Simonet said: “Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
Kathmandu Holdings operates 167 stores, including 118 in Australia, 48 in New Zealand and one in the UK, as well as four online stores.