MarineMax has confirmed suffering a cyberattack, thought to be ransomware, in which threat actors stole sensitive customer information.
In an 8-K form, filed with the Securities and Exchange Commission (SEC) on April 1, the company, one of the leading yacht sellers worldwide, said a third party “gained unauthorized access to portions of our information environment.”
This breach forced MarineMax to shut down parts of its infrastructure, resulting in “some disruption to a portion of the company’s business”.
Major ransom demands
Subsequent investigation determined that a “cybercrime organization” accessed a “limited portion” of MarineMax’s information environment associated with its retail business. While the company said that the information includes personally identifiable data, it did not provide further details. It added that the affected individuals would be notified in a timely fashion. The law enforcement was notified.
While MarineMax claims that the incident had no material impact on its operations, and continues to assess if that’s a possibility, hackers started selling the stolen data on the dark web.
A hacking group called Rhysida claimed responsibility for the attack and started advertising the database for $15 BTC (roughly $1 million). In the ad, the group shared a few screenshots of the stolen database, depicting MarineMax financial documents, employee driver’s licenses and passports, and more.
Having such sensitive data leak on the dark web just might have a material impact on MarineMax. Whether or not it will feel the data watchdog’s sting remains to be seen, as it reported $2.39 billion in revenue last year, with more than $800 million in gross profit.
Rhysida is a ransomware-as-a-service (RaaS) that first popped up last year. It was used in the recent attacks on the British Library and the Chilean Army, as well as against the U.S. Department of Health and Human Services.
Via BleepingComputer