Yacht retailer MarineMax discloses knowledge breach after cyberattack


MarineMax, self-described as one of many world’s largest leisure boat and yacht retailers, says attackers stole worker and buyer knowledge after breaching its programs in a March cyberattack.

The Florida-based yacht vendor stated in a March 12 SEC submitting that it did not retailer delicate knowledge within the compromised programs. Nonetheless, on Monday, a brand new 8-Ok submitting revealed that the malicious actors gained entry and stole private knowledge belonging to an undisclosed variety of people.

“The Firm has decided {that a} cybercrime group accessed a restricted portion of our info setting related to our retail enterprise,” MarineMax disclosed.

“As of the date of this submitting, our ongoing investigation has recognized that this group exfiltrated restricted knowledge from this setting that features some buyer and worker info, together with personally identifiable info.”

Whereas the corporate did not attribute the assault to a particular menace group, the Rhysida ransomware gang claimed the assault and is now promoting knowledge allegedly stolen from MarineMax’s community for 15 BTC (simply over $1 million).

Rhysida has additionally leaked screenshots of what seem like MarineMax’s monetary paperwork, together with worker driver’s licenses and passports, on its darkish internet leak website.

The group continues to be looking for a purchaser for the info they stole from the corporate, indicating that the ransom has not but been paid.

MarineMax entry on Rhysida leak site
MarineMax entry on Rhysida leak website (BleepingComputer)

​MarineMax operates over 130 areas worldwide, together with 83 dealerships and 66 marina and storage services. The corporate reported a $2.39 billion income final yr, with a $835.3 million gross revenue.

The Rhysida ransomware-as-a-service (RaaS) operation emerged nearly one yr in the past, in Might 2023, and gained notoriety after breaching the British Library and the Chilean Military (Ejército de Chile).

The gang’s associates had been additionally linked by the U.S. Division of Well being and Human Companies (HHS) to assaults in opposition to healthcare organizations in August.

Moreover, a joint advisory issued by CISA and the FBI warned that the Rhysida ransomware group has additionally carried out opportunistic assaults concentrating on organizations in numerous business sectors.

One of many newest examples is the November assault in opposition to Sony subsidiary Insomniac Video games when the ransomware gang stole over 1.3 million information, together with worker private info. Rhysida leaked 1,67 TB of paperwork on its leak website after the sport studio refused to pay a $2 million ransom.

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles