By Paul McBeth
March 13 (BusinessDesk) - Kathmandu Holdings is investigating a data security breach on one of its websites that lasted
for about a month.
The outdoor equipment chain said it recently became aware that an unidentified third party gained access to its website
platform between Jan. 8 and Feb. 12, and may have captured customer personal information and payment details. The
retailer is notifying customers it believes may have been affected, and is in the process of telling the relevant legal
and privacy authorities.
Since discovering the breach, Kathmandu said it's confirmed the online store remains secure and that the wider IT
network hasn't been impacted. The shares fell 0.8 percent to $2.42.
"Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon
as practicable," chief executive Xavier Simonet said in a statement. "As a company, Kathmandu takes the privacy of
customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted."
Kathmandu's admission comes the same day Parliament's justice select committee reported back on the Privacy Bill, which
will update legislation governing data breaches and empowers the Privacy Commissioner to issue compliance notices when
the new law is enacted.
Among the changes in the report, the committee, chaired by Labour MP Raymond Huo, decided to raise the threshold needed
for a notifiable privacy breach to one where it's likely to cause serious harm rather than harm.