iTnews

Credit cards cancelled as Kathmandu reveals online store hacked

By Juha Saarinen on Mar 13, 2019 3:00PM
Month-long breach during peak discount period.

ASX-listed global outdoors wear and equipment retailer Kathmandu has disclosed it suffered a data breach during the peak post-holidays sales period that saw customers' personal and payments information captured.

"Kathmandu has recently become aware that between 8 January 2019 NZDT and 12 February 2019 NZDT, an unidentified third party gained unauthorised access to the Kathmandu web platform. 

"During this period, the third party may have captured personal information and payment details entered at check-out," the company said in a statement to the Australian Securities Exchange.

The retailer could not say how many customers are affected.

Online transactions at Kathmandu represent 9.4 percent of the group's sales according to its latest annual report.

The document says the company earmarked $2.9 million in capital investment for upgrades to its online platform and CRM system, calling out a three-year roadmap for technology projects that also include a new warehouse management system and upgraded ERP system.

Kathmandu's site runs on the Magento e-commerce platform, which has been targeted over the past few years by criminals planting card-skimming malware on unpatched servers.

Information that was accessed includes customers' billing and shipping name, address, email and phone number as well as the credit and debit card details they used on the site.

Customers' Kathmandu Summit Club username and password and special instructions for orders such as pick up and delivery details could also have been accessed, if they were provided during check-outs.

Australian-issued Visa, Visa Debit or Mastercard cards that were used on the Kathmandu site when the hack took place may have been re-issued already and the compromised cards blocked, the retailer said.

If not, Kathmandu advised customers to contact their issuing banks for more information as soon as possible.

Customers who used other credit or debit cards on the Kathmandu site when it was compromised should monitor their statements for any discrepancies or unusual activity, and contact issuers with any concerns, the company said.

Passwords for customers in the Kathmandu Summit Club loyalty scheme impacted by the hack have been reset as they too were captured.

Kathmandu said the passwords "are not visible in plain text" but that there is a risk that they can be decrypted.

This could lead to customer accounts on other sites being compromised, if the passwords have been re-used, the company warned.

Kathmandu has also set up help lines (1300 432 273 for Australia, 0800 201 415 for NZ) and a support request form together with identity and cyber support company IDCARE.

US customers can contact 1-866-775-4209, and European Union, Norway and Switzerland residents +44 (0) 333 103 8653 for support around the hack.

The relevant privacy watchdogs in Australia, New Zealand and the UK have been notified of the data breach by Kathmandu. The hack has been reported to the Australian Cyber Crime Online Reporting Network and the New Zealand police.
