Kathmandu Holdings is investigating a data security breach on one of its websites that lasted for about a month. 

The outdoor equipment chain said it recently became aware that an unidentified third party gained access to its website platform between Jan. 8 and Feb. 12, and may have captured customer personal information and payment details. The retailer is notifying customers it believes may have been affected, and is in the process of telling the relevant legal and privacy authorities. 

Since discovering the breach, Kathmandu said it’s confirmed the online store remains secure and that the wider IT network hasn’t been impacted. The shares fell 0.8 percent to $2.42. 

“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable,” chief executive Xavier Simonet said in a statement. “As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.”

Kathmandu’s admission comes the same day Parliament’s justice select committee reported back on the Privacy Bill, which will update legislation governing data breaches and empowers the Privacy Commissioner to issue compliance notices when the new law is enacted.

Among the changes in the report, the committee, chaired by Labour MP Raymond Huo, decided to raise the threshold needed for a notifiable privacy breach to one where it’s likely to cause serious harm rather than harm. 

Leave a comment