Outdoor clothing retailer Kathmandu announced that it is investigating a potential breach of customer card data harvested from its websites. In a statement posted to the New Zealand Exchange (NZE), the firm said it was notifying potentially affected customers directly, advising them to contact their banks and card providers: “Kathmandu has recently become aware that between January 8, 2019 NZDT and February 12, 2019 NZDT, an unidentified third party gained unauthorized access to the Kathmandu website platform,” it said. “During this period, the third party may have captured customer personal information and payment details entered at check-out.”
Although the cause is still unclear, several reports note the fact that card data appears to have been taken from customers as details were entered in at check-out aligns with Magecart-based attacks.
According to Matan Or-El, CEO of Panorays, “Once again, a possible Magecart cyberattack illustrates just how quickly and easily hackers can steal customers’ personal information and payment details. Such attacks also demonstrate what can happen without effective and comprehensive risk management. For this reason, it’s crucial for businesses to assess and continuously monitor not just their own systems, but those of their third parties as well.”