K-K-K-Kathmandu g-g-g-got f-f-f-phished?

Outdoor retailer Kathmandu had a new experience with cyber-phishing equipment? Probably (see the CISO Magazine report here). Were they phished? Given that "customer personal information and payment details entered at check-out" were available to an unidentified third party, my bet is on a phishing expedition. Why? Because kathmandu.co.nz is wide open to email spoofing: it has no DMARC record and no DMARC Quarantine/Reject policy enabled.
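
To run the same check on a domain you are responsible for, here is an added example (not part of the original post) that classifies the TXT answers returned for `_dmarc.<domain>` as missing, monitor-only or enforced. The function names, the `example.test` domains and the TXT strings are constructed for illustration, and the code looks only at the answers it is given, not at any fallback to a parent domain.

```python
# Added example. TXT strings below are constructed samples, not live DNS data.

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts:
        return None
    key, _, value = parts[0].partition("=")
    # RFC 7489: the record must start with the version tag v=DMARC1.
    if key.strip().lower() != "v" or value.strip() != "DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_posture(txt_answers):
    """Classify the TXT answers returned for _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_answers) if r is not None]
    if not records:
        return "no-record"         # receivers have no DMARC policy to apply
    if len(records) > 1:
        return "invalid-multiple"  # several records: receivers apply none
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid-policy"    # missing or bad p tag: nothing is enforced
    if policy == "none":
        return "monitor-only"      # reports only; failing mail is not held back
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial-" + policy  # policy covers only a share of failing mail
    return "enforced-" + policy

if __name__ == "__main__":
    samples = {  # constructed answers for hypothetical example.test domains
        "none.example.test": [],
        "spfonly.example.test": ["v=spf1 -all"],
        "monitor.example.test": ["v=DMARC1; p=none; rua=mailto:d@example.test"],
        "strict.example.test": ["v=DMARC1; p=reject"],
    }
    for domain, answers in samples.items():
        print(domain, dmarc_posture(answers))
```

Only the `enforced-quarantine` and `enforced-reject` results ask receivers to act on every message that fails DMARC for the domain; all other results leave some or all of that mail unaffected.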


