Top yacht retailer MarineMax says cyberattack led to major online data breach

News
By Sead Fadilpašić
published

MarineMax suffers ransomware attack, but says things aren't too bad

Code Skull
(Image credit: Shutterstock)

MarineMax has confirmed suffering a cyberattack, thought to be ransomware, in which threat actors stole sensitive customer information.

In an 8-K form, filed with the Securities and Exchange Commission (SEC) on April 1, the company, one of the leading yacht sellers worldwide, said a third party “gained unauthorized access to portions of our information environment.”

This breach forced MarineMax to shut down parts of its infrastructure, resulting in “some disruption to a portion of the company’s business”.

Major ransom demands

Subsequent investigation determined that a “cybercrime organization” accessed a “limited portion” of MarineMax’s information environment associated with its retail business. While the company said that the information includes personally identifiable data, it did not provide further details. It added that the affected individuals would be notified in a timely fashion. The law enforcement was notified. 

While MarineMax claims that the incident had no material impact on its operations, and continues to assess if that’s a possibility, hackers started selling the stolen data on the dark web.

A hacking group called Rhysida claimed responsibility for the attack and started advertising the database for $15 BTC (roughly $1 million). In the ad, the group shared a few screenshots of the stolen database, depicting MarineMax financial documents, employee driver’s licenses and passports, and more.

Having such sensitive data leak on the dark web just might have a material impact on MarineMax. Whether or not it will feel the data watchdog’s sting remains to be seen, as it reported $2.39 billion in revenue last year, with more than $800 million in gross profit.

Rhysida is a ransomware-as-a-service (RaaS) that first popped up last year. It was used in the recent attacks on the British Library and the Chilean Army, as well as  against the U.S. Department of Health and Human Services.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.