Outdoor apparel and equipment retail chain Kathmandu said it’s in the process of notifying customers about a security incident involving its website.
On 13 March, Kathmandu released a notification disclosing how the company became aware of the security incident between 8 January and 12 February. At some point during that time, an unauthorized third party gained access to the retail chain’s website. Those bad actors then might have abused their unauthorized access to steal customers’ personal information and/or payment details as they completed their online orders.
According to its statement, Kathmandu responded by enlisting the help of IT and digital security experts to investigate the incident and determine how many customers it might have affected. It used these individuals’ expertise to improve the security of its website and confirm that the incident had not affected its wider IT environment.
Xavier Simonet, CEO of Kathmandu, explains in the notice that the company is still in the process of responding to the incident:
Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable. As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted.
Customers who believe they were victims of the security event should contact their banks and/or credit card providers to discuss their options, including whether they should put a security freeze on their credit reports.
Kathmandu’s statement doesn’t provide insight into how the digital attackers gained unauthorized access to the company website. It also doesn’t illuminate whether it’ll be providing affected customers with complementary access to identity theft protection services.
This security incident follows just a few months after OXO International Ltd, a manufacturer of kitchen utensils, office supplies and housewares, disclosed of a data breach involving customer information submitted to its e-commerce website.