Data Breach at Yacht Dealer in the US Impacts Over 123,000 Individuals

Recreational boat dealer MarineMax is sending data breach notification letters to over 123,000 individuals following a ransomware attack launched against the business in March.

While the Florida-based boat retailer provided no specific details regarding the cybersecurity incident and didn’t attribute the hack to any threat actor group, the Rhysida ransomware group soon claimed responsibility.

The gang’s leak site reveals further insight into the attack, showcasing a 225 GB archive containing 204,510 data files they could not sell.

According to data breach notifications filed with the Attorney General offices in Maine and Vermont, the security incident impacted 123,494 individuals. A notice on MarineMax’s website further reveals that hackers stole personally identifiable information (PII) of customers and current and former employees.

“On March 10, 2024, we discovered that we were the victim of a cybersecurity incident that impacted a limited portion of our information environment,” MarineMax explained. “Upon discovery, we remediated our environment, implemented additional security measures, initiated an investigation with the assistance of third-party forensic experts, and notified law enforcement authorities. Our investigation determined that an unauthorized third party obtained access to our environment and acquired some of our data, which contained the personal information of some customers and current and former employees.”

As for the type of information stolen, MarineMax’s notice lists highly sensitive information and notes that data elements differ for every individual:

Stolen data includes:

• Names and Social Security numbers
• Government identification information such as driver’s license numbers and passport numbers
• Financial account information
• Medical information and health insurance information alongside other categories of PII

MarineMax is offering all potentially affected individuals 24 months of complementary credit monitoring and identity restoration services and urges users to watch out for suspicious activity. The company has also set up a dedicated call center that affected individuals can contact if they have any questions.

Has your data been part of a data breach or leak? Time to find out with Bitdefender’s Digital Identity Protection services. Here’s what you get:

- Instant Alerts. You can immediately react to data breaches and privacy threats and take swift action to prevent damage, such as changing passwords, via one-click action items.

- Real-time monitoring. The service continuously scans the internet and dark web for your personal information. You will receive alerts whenever your data is involved in a breach or leak.

- Peace of mind. The service immediately flags suspicious activity and actively monitors personal information for peace of mind.

- A 360° view of all your personal data. You can see your digital footprint, including traces from services you no longer use but that still have your data, and even send requests for data removal from service providers.