MarineMax has confirmed that it has been the victim of a cyber attack, believed to be ransomware, in which threat actors stole sensitive customer information.
In an 8-K form filed with the Securities and Exchange Commission (SEC) on April 1, the company, one of the world’s largest yacht sellers, said a third party “has obtained unauthorized access to portions of our information environment.”
This breach forced MarineMax to shut down parts of its infrastructure, resulting in “some disruption to some of its business operations.”
Large ransom demands
Further investigation revealed that a “cybercriminal organization” had gained access to a “limited portion” of MarineMax’s information environment related to its retail operations. While the company said the information contains personally identifiable data, it did not provide further details. It added that affected individuals would be notified in a timely manner. The police were informed.
While MarineMax claims the incident had no material impact on its operations, and says it continues to assess whether such an impact is possible, hackers began selling the stolen data on the dark web.
A hacking group called Rhysida claimed responsibility for the attack and began advertising the database for 15 BTC (approximately $1 million). In the ad, the group shared a few screenshots of the stolen database, showing images of MarineMax financial documents, employee driver’s licenses and passports, and more.
Leaking such sensitive data on the dark web could have a material impact on MarineMax. Whether it will feel the data watchdog’s sting remains to be seen, as it reported revenues of $2.39 billion last year, with gross profits of more than $800 million.
Rhysida is a ransomware-as-a-service (RaaS) operation that first emerged last year. It was used in the recent attacks on the British Library and the Chilean military, as well as on the US Department of Health and Human Services.
Via BleepingComputer