Cyber Incident Victim: Burton Snowboards
Date:
Feb 2023
Location:
United States of America
Summary
A cyber incident impacted Burton Snowboards' operations, causing a system outage that disrupted online order processing and led to the cancellation of existing orders. The company initiated an investigation with third-party forensic specialists to determine the scope and nature of the incident while advising customers to utilize physical stores or an online rental program for purchases during the disruption. No consumer credit or debit card data was compromised, attributed to PCI-compliant practices preventing storage of financial details. Operations were subsequently restored, including access to saved carts and wishlists, with the network confirmed secure following remediation efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 5 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 11, 2023, Burton Snowboards experienced a cyber incident that disrupted its business operations, particularly impacting online order processing capabilities. By February 14, the company publicly acknowledged the incident through website alerts and statements, describing it as a system outage caused by unauthorized activity. Immediate consequences included the cancellation of all online orders and a temporary suspension of web-based transactions, prompting Burton to advise customers to purchase products in physical stores or use its online rental program as alternatives. Burton activated its incident response protocols upon discovery, engaging third-party forensic specialists to investigate the event's nature and scope. The company confirmed its website maintained full PCI compliance during the disruption, emphasizing that no consumer credit card or banking information was compromised at any stage due to policies prohibiting the storage of such data post-transaction. Operations remained partially impaired through February 16, with Burton unable to fulfill digital orders during this period.
The investigation unfolded without public disclosure of technical details regarding attack vectors, actor attribution, or data exfiltration claims. Burton prioritized restoring core functions while forensic analysis continued, reassuring customers that saved shopping carts and wishlists remained intact despite the outage. By March 8, 2023, the company announced full operational recovery across its Burlington, Vermont headquarters and international offices in Australia, Austria, Canada, California, China, and Japan, confirming secure network restoration and resumed e-commerce activity without lingering disruptions. No evidence emerged of consumer financial data compromise, though the incident necessitated temporary reliance on brick-and-mortar retail channels and demonstrated Burton's dependence on digital infrastructure for revenue generation through its global retail partnerships. The closure of remediation efforts marked a return to standard business protocols without further public updates on investigative findings.