MarineMax, a leading recreational boat and yacht retailer, reported a data breach impacting 123,494 individuals after a cyber attack. During the incident involving the Rhysida ransomware gang, sensitive data, including personal information of customers and employees, was compromised. The attack, which occurred from March 1, 2024, to March 10, 2024, resulted in the exfiltration of 225 GB of data by the perpetrators. Exposed information included names, personal identifiers, driver’s licenses, and passports. The breach was significant enough to warrant an official notification to the Offices of Maine Attorney General and the affected parties.
Source: https://securityaffairs.com/165843/data-breach/marinemax-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/marinemax
"id": "mar000072424",
"linkid": "marinemax",
"type": "Breach",
"date": "7/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 123494,
'industry': 'Recreational Boat and Yacht Retail',
'name': 'MarineMax',
'type': 'Company'}],
'attack_vector': 'Ransomware',
'data_breach': {'data_exfiltration': '225 GB',
'number_of_records_exposed': 123494,
'personally_identifiable_information': ['names',
'personal identifiers',
'driver’s licenses',
'passports'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['personal information of '
'customers and employees']},
'date_detected': 'March 1, 2024',
'description': 'MarineMax, a leading recreational boat and yacht retailer, '
'reported a data breach impacting 123,494 individuals after a '
'cyber attack. During the incident involving the Rhysida '
'ransomware gang, sensitive data, including personal '
'information of customers and employees, was compromised. The '
'attack, which occurred from March 1, 2024, to March 10, 2024, '
'resulted in the exfiltration of 225 GB of data by the '
'perpetrators. Exposed information included names, personal '
'identifiers, driver’s licenses, and passports. The breach was '
'significant enough to warrant an official notification to the '
'Offices of Maine Attorney General and the affected parties.',
'impact': {'data_compromised': ['names',
'personal identifiers',
'driver’s licenses',
'passports']},
'ransomware': {'data_exfiltration': '225 GB', 'ransomware_strain': 'Rhysida'},
'regulatory_compliance': {'regulatory_notifications': ['Offices of Maine '
'Attorney General']},
'threat_actor': 'Rhysida ransomware gang',
'title': 'MarineMax Data Breach',
'type': 'Data Breach'}