Outdoor gear maker Kathmandu has revealed an unauthorised and unidentified third party had been monitoring what customers were entering into their website for over a month.
The publicly listed company announced Wednesday afternoon to the ASX and NZX that it “recently” became aware of the breach that occurred between January 8 and February 12.
“During this period, the third party may have captured customer personal information and payment details entered at check-out.”
Kathmandu did not disclose how many customers might be affected by the breach.
The New Zealand company is notifying potentially impacted customers directly, while encouraging those that suspect their information was stolen to contact their financial institution for advice.
“Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted,” said chief executive Xavier Simonet.
“Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable.”
The company has been working with “leading IT and cybersecurity consultants” to identify which customers were affected and who might be behind the attack.
The online store is now secure and no physical stores were under any threat.
The Christchurch-headquartered Kathmandu racked up $497.4 million of sales and $50.5 million net profit in 2018, with 9.4 per cent of those sales coming online.
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, property and tech news.
Now read: Aldi is selling $90 mountain bikes