In a statement issued to the ASX and the New Zealand Exchange (NZX) on Wednesday (13 March), Kathmandu Holdings Limited said that it only recently became aware of a breach of its web platform by “an unidentified third party”, sometime between Friday, 8 February, and Tuesday, 12 February 2019.
“During this period, the third party may have captured customer personal information and payment details entered at checkout,” it said.
“As soon as Kathmandu became aware of this incident, it took immediate steps and confirmed that the Kathmandu online store is and remains secure.
“The wider IT environment, including all Kathmandu physical stores, were not impacted by this incident. Since this time, Kathmandu has been working closely with leading external IT and cyber security consultants to fully investigate the circumstances of the incident and confirm which customers may have been impacted.”
Kathmandu CEO Xavier Simonet said: “Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable.
“As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”
The company operates the chain of 118 Kathmandu stores across Australia, as well as more stores in New Zealand, the UK and the US.