One of the world’s leading names in luxury boats, MarineMax, just revealed that hackers gained access to sensitive customer information in a data breach. The Rhysida ransomware group responsible for the incident is taking credit for hacking yacht seller MarineMax—and now they’re threatening to leak over a terabyte of the company’s stolen files online.
MarineMax Data Breach Details
Earlier this year, cybercriminals broke into part of MarineMax’s systems. At first, the company downplayed things. But they recently came clean and admitted sensitive customer and employee details were stolen – including things like license scans and passport photos.
In a filing submitted to the Securities and Exchange Commission (SEC) on March 12, the Florida-based yacht seller stated that it did not store sensitive data on the compromised systems.
However, in a new filing on Monday, referred to as an 8-K filing, it was disclosed that the malicious actors were able to gain unauthorized access in the data breach and extract personal data from an undisclosed number of individuals.
“The Company has determined that a cybercrime organization accessed a limited portion of our information environment associated with our retail business,”
“As of the date of this filing, our ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information.”
MarineMax disclosed.
Rhysida Ransomware Claims MarineMax Data Breach
Although the company did not explicitly identify the responsible threat group, the Rhysida ransomware gang has claimed responsibility for the attack on MarineMax.
MarineMax entry on Rhysida leak site
Source: BleepingComputer
The group is currently offering to sell the allegedly stolen data from MarineMax’s network for 15 BTC, equivalent to just over $1 million.
To substantiate their claims, Rhysida has released screenshots of what appears to be MarineMax’s financial documents, as well as employee driver’s licenses and passports, on their dark web leak site.
It is important to note that as of now, the ransom has not been paid, and the group is actively searching for a buyer for the stolen data.
Rhysida is a particularly brazen gang too. They’ve breached major organizations like the British Library and Chilean military.
The Rhysida ransomware gang has not only targeted MarineMax but also been associated with attacks against healthcare organizations in August, as reported by the U.S. Department of Health and Human Services (HHS).
In a joint advisory, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) cautioned that the Rhysida ransomware group has engaged in opportunistic attacks targeting organizations across various industry sectors.
An example of their recent activity is the November attack on Insomniac Games, a subsidiary of Sony. During this incident, the ransomware gang stole more than 1.3 million files, including personal information of employees. Following Insomniac Games’ refusal to pay a $2 million ransom, Rhysida released 1.67 TB of documents on their leak site.
