Burton Snowboards discloses data breach after February attack


Leading snowboard maker Burton Snowboards confirmed notified customers of a data breach after some of their sensitive information was “potentially” accessed or stolen during what the company described in February as a “cyber incident.”

The attack was discovered by Burton on February 11 after causing a “system outage” and forcing the company to cancel online orders.

Burton advised customers who wanted to buy snowboarding gear to go to a brick-and-mortar Burton store or use its new online rental program.

It also hired external forensic experts to establish the nature of the incident and discover what information was affected during the breach.

“The investigation identified a limited number of files and folders as potentially accessed or taken by an unknown actor,” Burton told affected customers in notification letters sent last week.

“On April 7, 2023, it was determined that some of your information was present in the files and folders that may have been accessed or taken.”

The information in the files that were “potentially” stolen or viewed by the threat actors may include the customers’ names, Social Security numbers, and financial account information.

While the breach notifications warn affected individuals that their financial information was also involved, Burton’s privacy policy says its website is 100% PCI compliant since “at no point during the order process or post order process are credit card details or bank account numbers saved or held by”

Stores selling Burton Snowboards products in the U.S.Stores selling Burton products in the U.S. (Burton)

​Account passwords reset for affected customers

In response to the breach, the company also reset the passwords of accounts linked to affected customers. Burton added that it’s yet to receive reports regarding misuse or attempted misuse of customer personal information.

“Burton is also notifying relevant state and federal regulators, as required. Finally, we reported this incident to law enforcement, and will participate with any criminal investigation into this matter,” the company said.

Established in 1977, Burton is now a leading and one of the most well-known snowboard brands, with its products being sold in thousands of stores worldwide.

While its headquarters are in Burlington, Vermont, Burton also maintains offices in various locations, including Australia, Austria, Canada, California, China, and Japan.

A Burton Snowboards spokesperson is yet to reply to a request for more info regarding the February “incident” made by BleepingComputer after the initial disclosure.


  • johnlsenchak Photo johnlsenchak – 3 days ago

    It took the company three months to report the breach to the public ?


Related posts

UK creates fake DDoS-for-hire sites to identify cybercriminals

Sarah Henriquez

Google Chrome bug lets sites write to clipboard without asking

Sarah Henriquez

Using Account Lockout policies to block Windows Brute Force Attacks

Sarah Henriquez

Leave a Comment