Kathmandu Holdings 'urgently' investigating Security Incident possibly exposing the customer info

Kathmandu Holdings, the Outdoor Clothing Retailer, has confirmed that an "urgent" investigation is currently getting conducted by them about a security incident, which possibly may lead to capturing of the customers' personal information.

As per the company, an unidentified third-party has gained access to the website of Kathmandu between Jan. 8, 2019, and Feb. 12, 2019. "During this period, the third party may have captured customers' personal information and payment details entered at check-out," as per the statement by Kathmandu.

Kathmandu said that the personal information getting impacted by this incident, may include the shipping and billing name, address, phone number, and email; debit/credit card details; username and password of Kathmandu Summit Club; any special instructions related to your order, like pick up/delivery details; and gift card details, if any.

The moment Kathmandu became aware about this incident, it has immediately taken steps and confirms that the online store of Kathmandu is and stay secure, it wrote. "Since this time, Kathmandu has been working closely with leading external IT and cybersecurity consultants to fully investigate the circumstances of the incident and confirm which customers may have been impacted".

Passwords of all accounts in Kathmandu Summit Club impacted by this incident were reset by the company, in case the password was not already reset after Feb. 12, 2019. Wider IT environment, that as per the company includes Kathmandu brick-and-mortar stores, was not impacted by this incident.

"As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted," added CEO Xavier Simonet in a statement that was issued to Australian Securities Exchange.

Kathmandu Holdings is notifying directly the possibly affected customers, and said that the Australian customers who are using a Mastercard or Visa card might had their cards blocked already by the respective card issuers of the customers.

The company confirmed that it had already notified the OAIC (Office of the Australian Information Commissioner), the Information Commissioner's Office (ICO) in the UK, and the Privacy Commissioner of New Zealand, and also reported this incident to the New Zealand Police and ACORN (Australian Cyber Crime Online Reporting Network).

» SPAMfighter News - 3/28/2019