This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Kathmandu

Summary

Kathmandu, the Trans-Tasman outdoor equipment and clothing retailer, disclosed in March 2019 that its Australian online store had been compromised by hackers who installed payment card skimming malware. The breach occurred during February 2019, one of the retailer's peak discount periods, potentially affecting thousands of customers who entered credit card details on the website. Banks were forced to cancel and reissue cards as a precautionary measure.

What Happened

Hacking. Cybercriminals installed malicious code on Kathmandu's Australian e-commerce website that intercepted payment card details as customers entered them during checkout. The skimming malware operated undetected throughout February 2019, capturing card numbers, expiry dates, CVV codes, and potentially cardholder names and billing addresses. The breach occurred during a major promotional discount period when the website experienced high traffic volumes. Kathmandu discovered the compromise in March 2019 during a security review and immediately took the affected systems offline for investigation and remediation.

Impact on Individuals

  • Payment Card Fraud: Credit and debit card details stolen and potentially used for fraudulent purchases
  • Card Replacement Hassle: Banks cancelled affected cards, requiring customers to update payment details with multiple services
  • Transaction Disruption: Cancelled cards caused declined payments and service interruptions
  • Fraud Monitoring Required: Customers needed to monitor bank statements for unauthorised transactions
  • Personal Information Risk: Names, addresses, and email details potentially captured alongside payment data

Several Australian banks proactively contacted customers and cancelled cards suspected of being compromised during the breach period.

Response

Kathmandu immediately removed the malicious code from its website and engaged cybersecurity forensic experts to investigate the breach and secure its systems. The retailer notified affected customers via email and published a public statement on its website explaining the incident. Kathmandu worked with banks and payment card networks to identify potentially compromised cards and supported the reissue process. The company implemented enhanced security monitoring and additional protective measures for its e-commerce platform. Kathmandu advised customers to monitor their bank statements and report any suspicious transactions. The breach highlighted the ongoing threat of payment card skimming attacks targeting retail websites, particularly during high-traffic promotional periods when security monitoring may be stretched. +++

Verification Source: View original statement