
Boat Dealer MarineMax Confirms Data Breach 

MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files. 

Boat dealer MarineMax has confirmed that a recent ransomware attack resulted in a data breach impacting customers and employees. 

The company disclosed the incident in a regulatory filing on March 10, when it admitted that the attack caused some disruption and involved unauthorized access to some of its IT systems. However, MarineMax said at the time that the breached environment did not store any sensitive data.

Roughly 10 days later, the Rhysida ransomware group took credit for the attack and launched an auction for data allegedly stolen from the company. 

In a new SEC filing dated April 1, MarineMax said its investigation into the incident is ongoing, but it confirmed that the cybercriminals did exfiltrate ‘limited data’ from its systems, including customer and employee information. The compromised data includes personally identifiable information, the firm said.

Impacted individuals will be notified and MarineMax has also informed law enforcement and regulatory agencies. 

“The Company has incurred, and may continue to incur, certain expenses related to its response to this Incident. Further, the Company remains subject to risks and uncertainties as a result of the Incident,” MarineMax said in its latest SEC filing. 

It added, “While the Company is continuing to evaluate the full scope and impact of the Incident, as of the date of this filing, the Incident has not had a material impact on the Company’s operations, and the Company is still in the process of determining whether the Incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

On its leak website, the Rhysida ransomware group is apparently trying to auction the data stolen from MarineMax, with a starting price of 15 bitcoin (roughly $1 million). While the amount may seem high, the threat actors likely set this price due to MarineMax being one of the world’s largest retailers of recreational yachts and boats. The company has nearly 4,000 employees and it recently reported a quarterly revenue of more than $500 million. 


Several screenshots published by the group in an attempt to demonstrate its claims appear to show stolen driver’s license and passport copies, financial documents, and internally used spreadsheets. A file tree made public by the ransomware group lists 180,000 files seemingly taken from MarineMax systems.

While the file tree appears legitimate, with hundreds of file names that include the string ‘MarineMax’, it’s not uncommon for cybercriminals to exaggerate their claims or fabricate data to increase their chances of getting paid. 

The Rhysida ransomware group emerged in May 2023 and it has targeted organizations in various sectors, including government, IT, manufacturing, healthcare, and education. One of its victims is the British Library, which recently shared details on the destructive attack.

The US government issued an advisory for Rhysida in November 2023. The cybercriminals not only steal data from victims but also encrypt files stored on compromised systems. It’s unclear if the hackers encrypted files in the MarineMax attack or if they focused on data theft.  

MarineMax has not responded to SecurityWeek’s request for additional information. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

