Major snowboarding brand Burton has said that the cyber attack it suffered last year affected seven times as many customers as initially believed.
The Burton Corporation suffered a cyber attack on roughly 11 February 2023, leading to some of its computer systems being disrupted. This prevented the company from conducting online orders.
On 9 March that year, the company discovered that the outage was caused by a “sophisticated cyber attack” and launched an investigation, which revealed that data had been exfiltrated.
“The investigation identified a limited number of files and folders as potentially accessed or taken by an unknown actor. We commenced a thorough review to determine whether sensitive information was present in the impacted files and folders,” it wrote in a letter to affected current and former employees of the Chill Foundation, Burton’s youth development non-profit based around snow and board sports, issued on 26 May 2023.
“On April 7, 2023, it was determined that some of your information was present in the files and folders that may have been accessed or taken.”
Burton said the stolen data includes names, social security numbers and financial account information.
Further investigation by Cyber Daily found that other pieces of data, including dates of birth, ID numbers and passport details, may have also been leaked, according to the VenariX threat feed.
The initial filing to the Maine Attorney General said that 737 people were affected in the breach.
A second filing and a class action report said the number of affected personnel was as high as 5,282.
However, a new filing has revealed that the number of people known to have been affected by the breach is now at 5,170.
Burton is offering those affected by the breach free access to credit monitoring services for an entire year.
A class action lawsuit was filed against The Burton Corporation in August last year. Morgan v The Burton Corporation was filed on 31 August by plaintiff David Morgan, who represented himself and others affected by the breach.
“This action arises out of defendant’s unauthorised disclosure of the confidential personal information, personally identifying information (‘PII’), of plaintiff and the proposed class members, over 5,000 individuals, beginning on February 11, 2023 during a cyber attack on Burton’s systems, including their names, dates of birth, Social Security numbers, driver’s license numbers or state-issued identification number, passport number and financial account information (the ‘Data Breach’),” said the class action filing.