MarineMax Confirms Data Breach, Rhysida Claims the Cyberattack!

Written by Mitchell Langley

April 2, 2024

MarineMax Confirms Data Breach, Rhysida Claims the Cyberattack!

One of the world’s leading names in luxury boats, MarineMax, just revealed that hackers gained access to sensitive customer information in a data breach. The Rhysida ransomware group responsible for the incident is taking credit for hacking yacht seller MarineMax—and now they’re threatening to leak over a terabyte of the company’s stolen files online.


MarineMax Data Breach Details

Earlier this year, cybercriminals broke into part of MarineMax’s systems. At first, the company downplayed things. But they recently came clean and admitted sensitive customer and employee details were stolen – including things like license scans and passport photos.

In a filing submitted to the Securities and Exchange Commission (SEC) on March 12, the Florida-based yacht seller stated that it did not store sensitive data on the compromised systems.

However, in a new filing on Monday, referred to as an 8-K filing, it was disclosed that the malicious actors were able to gain unauthorized access in the data breach and extract personal data from an undisclosed number of individuals.

“The Company has determined that a cybercrime organization accessed a limited portion of our information environment associated with our retail business,”

“As of the date of this filing, our ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information.”

MarineMax disclosed.

Rhysida Ransomware Claims MarineMax Data Breach

Although the company did not explicitly identify the responsible threat group, the Rhysida ransomware gang has claimed responsibility for the attack on MarineMax.

MarineMax Confirms Data Breach, Rhysida Claims the Cyberattack!

MarineMax entry on Rhysida leak site 

Source: BleepingComputer

The group is currently offering to sell the allegedly stolen data from MarineMax’s network for 15 BTC, equivalent to just over $1 million.

To substantiate their claims, Rhysida has released screenshots of what appears to be MarineMax’s financial documents, as well as employee driver’s licenses and passports, on their dark web leak site.

It is important to note that as of now, the ransom has not been paid, and the group is actively searching for a buyer for the stolen data.

Rhysida is a particularly brazen gang too. They’ve breached major organizations like the British Library and Chilean military.

The Rhysida ransomware gang has not only targeted MarineMax but also been associated with attacks against healthcare organizations in August, as reported by the U.S. Department of Health and Human Services (HHS).

In a joint advisory, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) cautioned that the Rhysida ransomware group has engaged in opportunistic attacks targeting organizations across various industry sectors.

An example of their recent activity is the November attack on Insomniac Games, a subsidiary of Sony. During this incident, the ransomware gang stole more than 1.3 million files, including personal information of employees. Following Insomniac Games’ refusal to pay a $2 million ransom, Rhysida released 1.67 TB of documents on their leak site.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!