Leading snowboard maker Burton Snowboards has confirmed it notified customers of a data breach after some of their sensitive information was ‘potentially’ accessed or stolen in what the company described in February as a ‘computer incident’ .
The attack was discovered by Burton on February 11 after causing a “system crash” and forcing the company to cancel online orders.
Burton advised customers looking to buy snowboarding gear to visit a physical Burton store or use its new online rental program.
He also hired outside forensic experts to establish the nature of the incident and find out what information was affected in the breach.
“The investigation identified a limited number of files and folders as potentially accessed or taken by an unknown actor,” Burton said. said affected customers in the notification letters sent last week.
“On April 7, 2023, it was determined that some of your information was present in files and folders that could have been accessed or taken.”
Information in files that has been “potentially” stolen or viewed by threat actors may include customer names, social security numbers, and financial account information.
Resetting account passwords for affected customers
In response to the breach, the company also reset passwords for accounts linked to affected customers. Burton added that it has not yet received any reports of misuse or attempted misuse of customers’ personal information.
“Burton is also notifying relevant state and federal regulators as required. Finally, we have reported this incident to law enforcement and will assist in any criminal investigation regarding it,” the company said.
Founded in 1977, Burton is today a leading and one of the best-known snowboard brands, with its products sold in thousands of stores around the world.
Although headquartered in Burlington, Vermont, Burton also has offices in various locations, including Australia, Austria, Canada, California, China, and Japan.
A Burton Snowboards spokesperson has yet to respond to a request for additional information regarding the February “incident” made by BleepingComputer after the initial disclosure.