MarineMax: from denial to acceptance. What is the leader of the yacht market hiding?

Carding Forum

A company with an annual revenue of $2.39 billion failed to protect its customers.

MarineMax, the world's largest yacht and leisure boat retailer, is sending data breach notices to its customers. More than 123,000 people are to be notified that their personal information was stolen in a security breach carried out by the ransomware group Rhysida in March this year.

The company, which operates more than 130 facilities worldwide, including 83 dealerships, as well as 66 marinas and marine storage facilities, reported revenue of $2.39 billion and gross profit of $835.3 million last year.

In an initial report to the Securities and Exchange Commission on March 12, MarineMax stated that no confidential data was stored on the compromised systems. Two weeks later, however, the company said in a new report that attackers had stolen the personal data of an unspecified number of customers.

In recent breach notification letters sent to the Attorneys General of Maine and Vermont, MarineMax disclosed that 123,494 people were affected by the incident. The company clarified that the breach was discovered on March 10, ten days after the attackers gained access to the company's networks.

MarineMax also reported to the Maine and Vermont Attorneys General that the attackers stole names and other identification data. However, it has not yet disclosed what other personal data was stolen or whether the theft affected both customers and employees.

Although the company does not link the hack to any specific group and continues to describe it as a "cybersecurity incident," the Rhysida group claimed responsibility for the attack back on March 20. On its darknet site, Rhysida published a 225 GB archive of files allegedly stolen from the MarineMax network, claiming that this was data that could not be sold on cybercrime forums. Rhysida also posted screenshots of MarineMax's financial documents, as well as driver's licenses and passports of customers and/or employees.

Rhysida is a relatively new ransomware operation that follows the ransomware-as-a-service (RaaS) model. It appeared in May 2023 and quickly gained notoriety after hacking the Chilean army and the British Library.

The US Department of Health and Human Services has also linked Rhysida's affiliates to attacks on medical organizations, while CISA and the FBI have warned that Rhysida is behind many opportunistic attacks on organizations in various sectors.

For example, in November last year, Rhysida hacked Insomniac Games and published 1.67 TB of documents after the studio refused to pay a $2 million ransom. The full source code of the Spider-Man 2 video game was later found in the leak, and enthusiasts even managed to compile a working PC port from it.

The Rhysida group's numerous attacks are a reminder that even large and secure companies can become victims of ransomware. To ensure security, organizations should not only invest in data protection but also be prepared to respond to incidents quickly and transparently.
