MarineMax has notified more than 123,000 customers they have been impacted by a data breach that the company suffered in March 2024.
The world’s largest recreational boat and yacht retailer has continued to investigate the data breach in which the Rhysida ransomware gang claimed to have stolen company sensitive data.
The American company initially said that no sensitive data was compromised following the cyber-attack, but in a notice of data breach that has now been filed, it has now informed the authorities that personal data was stolen from an undisclosed number of individuals.
After the initial data breach disclosure, MarineMax said it had secured its systems, notified law enforcement, and launched an investigation with the help of third-party data security specialists in hopes of learning more about the incident.
The investigation confirmed that an unauthorized party was able to access the company’s IT network, including files containing confidential consumer information.
“As disclosed in the Original Report, on March 10, 2024, we determined that the Company experienced a “cybersecurity incident,” as defined in applicable SEC rules, whereby a third party gained unauthorized access to portions of our information environment (the “Incident”).
“Upon detection, we immediately initiated our previously determined incident response and business continuity protocols and took immediate measures to contain the Incident.
The Company’s operations have continued throughout this matter in all material respects, and, as of the date of this filing, the affected information environment is remediated.
“As part of this process, the containment measures resulted in some disruption to a portion of the Company’s business.
“The Company’s operations have continued throughout this matter in all material respects, and, as of the date of this filing, the affected information environment is remediated,” stated the notice.
“The Company continues to investigate the extent of the Incident with the assistance of external cybersecurity experts. The Company has determined that a cybercrime organization accessed a limited portion of our information environment associated with our retail business.
“As of the date of this filing, our ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information. “
A data breach letter to affected customers stated that based on the incident investigation, an unauthorised third party obtained access to the MarineMax environment from March 1, 2024 to March 10, 2024.
The investigation concluded that the unauthorised third party acquired some data which contained personal information.
