Payment details and personal data of Kathmandu’s online customers has been compromised by a third party after the company revealed some of its systems had been breached.
According to Kathmandu, the third party gained access from the 8th of January 2019 (NZDT) to the 12th of February 2019 (NZDT).
During this time, “the third party may have captured customer personal information and payment details entered at check-out,” said the company in a press release to the New Zealand stock exchange.
The information compromised by the third party included customer's debit and credit card details, shipping address, name, email and phone number.
Kathmandu among other major Australian companies which run the Magento virtual shopping cart software were subject to the Magentocore.net skimmer script that captures personal details entered into check-out forms.
The business launched a full investigation into the matter alongside leading IT and cyber security specialists, with Chief Executive Xavier Simonet stating “Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable.
“Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.” he said.
Customers have been urged by Kathmandu to contact their bank or credit card provider and follow their independent advice if they believe they have been hacked.
Online sales represented 9.4% of Kathmandu’s $497 Million sales according to their 2018 annual report. Whilst the company did not release the amount of data sets accessed, they reassured that data originating from their physical stores had not been compromised.