Website Data Security Incident Notification

KATHMANDU HOLDINGS LIMITED ASX/ NZX/ MEDIA ANNOUNCEMENT 13 March 2019 Website Data Security Incident Notification Kathmandu Holdings Limited (ASX and NZX Code: KMD) is urgently investigating a security incident with its online trading websites. Kathmandu has recently become aware that between 8 January 2019 NZDT and 12 February 2019 NZDT, an unidentified third party gained unauthorised access to the Kathmandu website platform. During this period, the third party may have captured customer personal information and payment details entered at check-out. As soon as Kathmandu became aware of this incident, it took immediate steps and confirmed that the Kathmandu online store is and remains secure. The wider IT environment including all Kathmandu physical stores were not impacted by this incident. Since this time, Kathmandu has been working closely with leading external IT and Cyber Security consultants to fully investigate the circumstances of the incident and confirm which customers may have been impacted. Kathmandu is notifying potentially affected customers directly. Kathmandu advises any customer who believes they may have been impacted to contact their banks or credit card providers and follow their recommended advice. Kathmandu is in the process of notifying the relevant privacy and law enforcement agencies. Xavier Simonet, Chief Executive Officer said "Whilst the independent forensic investigation is ongoing, we are notifying customers and relevant authorities as soon as practicable. As a company, Kathmandu takes the privacy of customer data extremely seriously and we unreservedly apologise to any customers who may have been impacted." ENDS For further information, please call: Media Helen McCombie Citadel-MAGNUS +61 282340103 Investors Reuben Casey COO / CFO +64 272727573 End CA:00331882 For:KMD Type:GENERAL Time:2019-03-13 14:02:39