What is the issue - New Zealand-based outdoor clothing and equipment retailer Kathmandu Holdings suffered a data breach impacting customers’ personal information.
What happened - Kathmandu learned that an unauthorized third-party gained illegal access to the Kathmandu website between January 8, 2019, and February 12, 2019, and got hold of customers’ personal information.
What was compromised - The compromised information includes customers’ billing and shipping names, shipping addresses, email addresses, phone numbers, payment card details, pickup/delivery details, gift card details, and Kathmandu Summit Club usernames and passwords.
However, the outdoor retailer confirmed that its physical stores were not impacted by the incident.
What were the immediate actions taken?
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable. As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologize to any customers who may have been impacted,” Xavier Simonet, CEO of Kathmandu Holdings, said, as noted in the official security incident notification.