Yacht retailer MarineMax reports a major cyber attack affecting internal systems

MarineMax, one of the world’s largest yacht retailers, said it experienced a cyber security incident that forced it to take certain systems offline.

 

MarineMax claims to be a one-stop-shop for all things related to boating, including boat sales, marinas, finance, insurance and more. The company is known for providing services to luxury boat, yacht and superyacht operators and owners.

 

In a filing with the U.S Department of Securities and Exchange Commission (SEC), MarineMax said that on March 10, it identified a cyber security incident where an unauthorised third party gained access to portions of its internal network.

 

MarineMax immediately launched an internal investigation, with assistance from third party cyber security experts to determine the nature and scope of the incident and notified relevant law enforcement authorities about the incident.

 

“Upon detection, the Company initiated its previously determined incident response and business continuity protocols and took immediate measures to contain the incident. As part of this process, the containment measures resulted in some disruption to a portion of the Company’s business,” reads the filing.

 

The company added that it is still providing services to its clients and is trying to operate as usual despite the ongoing investigation of the security incident and portions of its internal network taken offline.

 

“While the investigation remains ongoing, as of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company is still in the process of determining whether the incident is reasonably likely to materially impact the Company’s financial conditions or results of operations,” MarineMax added in its filing.

 

The yacht retailer added that the systems affected by the cyber security incident did not store any sensitive personal data.

 

The company is yet to share details on who is behind the cyber attack, how the threat actors infiltrated its internal network, whether any data was stolen from its systems or the nature of the incident.

 

In April last year, German superyacht manufacturer Lürssen also suffered a ransomware attack that disrupted the company’s daily operations. The company said it had engaged external cyber security experts and the police and the latter initiating a criminal investigation to understand the nature and scope of the cyber attack.

 

“In coordination with internal and external experts, we immediately initiated all necessary protective measures and informed the responsible authorities,” a company spokesperson told local media.