Outdoor clothing retailer Kathmandu announced that it is investigating a potential breach of customer card data harvested from its websites. In a statement posted to the New Zealand Exchange (NZE), the firm said it was notifying potentially affected customers directly, advising them to contact their banks and card providers: “Kathmandu has recently become aware that between January 8, 2019 NZDT and February 12, 2019 NZDT, an unidentified third party gained unauthorized access to the Kathmandu website platform,” it said. “During this period, the third party may have captured customer personal information and payment details entered at check-out.”
Although the cause is still unlear, several reports note the fact that card data appears to have been taken from customers as details were entered in at check-out aligns with Magecart-based attacks.
— 𝗛𝘂𝗺𝗮𝗻 𝗙𝗶𝗿𝗲𝘄𝗮𝗹𝗹 (@Sec_Cyber) March 13, 2019
Matan Or-El, CEO at Panorays:
“Once again, a possible Magecart cyberattack illustrates just how quickly and easily hackers can steal customers’ personal information and payment details. Such attacks also demonstrate what can happen without effective and comprehensive risk management. For this reason, it’s crucial for businesses to assess and continuously monitor not just their own systems, but those of their third parties as well.”