
MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack.

The Florida-based yacht seller said in a March 12 SEC filing that it didn't store sensitive data in the compromised systems. Still, on Monday, a new 8-K filing revealed that the malicious actors gained access and stole personal data belonging to an undisclosed number of individuals.

"The Company has determined that a cybercrime organization accessed a limited portion of our information environment associated with our retail business," MarineMax disclosed.

"As of the date of this filing, our ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information."

While the company didn't attribute the attack to a specific threat group, the Rhysida ransomware gang claimed the attack and is now selling data allegedly stolen from MarineMax's network for 15 BTC (just over $1 million).

Rhysida has also leaked screenshots of what appear to be MarineMax's financial documents, along with employee driver's licenses and passports, on its dark web leak site.

The group is still seeking a buyer for the data they stole from the company, indicating that the ransom has not yet been paid.

MarineMax entry on Rhysida leak site (BleepingComputer)

MarineMax operates over 130 locations worldwide, including 83 dealerships and 66 marina and storage facilities. The company reported $2.39 billion in revenue last year, with $835.3 million in gross profit.

The Rhysida ransomware-as-a-service (RaaS) operation emerged almost one year ago, in May 2023, and gained notoriety after breaching the British Library and the Chilean Army (Ejército de Chile).

The gang's affiliates were also linked by the U.S. Department of Health and Human Services (HHS) to attacks against healthcare organizations in August.

Additionally, a joint advisory issued by CISA and the FBI warned that the Rhysida ransomware group has also carried out opportunistic attacks targeting organizations in various industry sectors.

One of the latest examples is the November attack against Sony subsidiary Insomniac Games, when the ransomware gang stole over 1.3 million files, including employee personal information. Rhysida leaked 1.67 TB of documents on its leak site after the game studio refused to pay a $2 million ransom.
