According to documents filed with the Securities and Exchange Commission (SEC) on March 12, MarineMax, a national retailer of million-dollar boats and yachts, suffered a “cybersecurity incident“, interrupting its operations.
The accident occurred due to a third parties gain unauthorized access to the company’s information systems, although the company did not specify who the threat actor was, nor what type of incident took place, be it a ransomware attack or otherwise.
“MarineMax [has] experienced a “cybersecurity incident,” as defined in applicable Securities and Exchange Commission rules, pursuant to which a third party obtained unauthorized access to portions of its information environment,” the company explained in the filing. THE SEC Rules on Accident Disclosure recently amended to require filing of Form 8-K within “four business days of the determination [a cyber] The incident was material,” meaning that it had an impact that affected operational performance and, therefore, had implications for investors.
However, the company also stated that “the incident did not have a material impact on the company’s operations”, despite the disruption that occurred during the implementation of containment measures, and that it does not store any sensitive data in its systems that could having been compromised during the accident. It’s unclear why there is a discrepancy in his language, but there could be filing of a voluntary notification as a precaution against non-compliance while it continues to review the situation.
At the time of submitting the application, MarineMax noted that the investigation was ongoing and that law enforcement had been alerted.