--- schema_version: "secwatch.filing_event.v1" accession: "0000950170-24-038881" form_type: "8-K/A" ticker: "HZO" cik: "0001057060" company_name: "MARINEMAX INC" filed_at: "2024-04-01T23:59:59+00:00" generated_at: "2026-06-04T04:19:16.640270+00:00" event_type: "cyber" sentiment: "negative" materiality_score: 0.7 calibrated_materiality_score: 0.7 confidence: "high" source: SEC EDGAR --- # MarineMax reports customer & employee data exfiltrated in March 10 cyberattack ## Summary - On March 10, 2024, MarineMax discovered unauthorized third-party access to portions of its information environment. - Containment measures caused some disruption; operations continued materially; affected environment is now remediated. - A cybercrime organization exfiltrated limited data including customer and employee personally identifiable information. - Notifications to affected parties, regulators, and law enforcement are planned; investigation continues with external experts. - Company states incident has not had a material impact on operations; still assessing financial condition impact. ## SEC filing metadata - accession: 0000950170-24-038881 - form_type: 8-K/A - ticker: HZO - cik: 0001057060 - company_name: MARINEMAX INC - filed_at: 2024-04-01T23:59:59+00:00 - event_type: cyber - sentiment: negative - materiality_score: 0.7 - calibrated_materiality_score: 0.7 - confidence: high - sec_items: 1.05 - EDGAR index: https://www.sec.gov/Archives/edgar/data/1057060/000095017024038881/0000950170-24-038881-index.htm - EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1057060/000095017024038881/hzo-20240310.htm ## Machine-readable alternates - HTML: https://secwatch.observer/filing/0000950170-24-038881 - JSON: https://secwatch.observer/filing/0000950170-24-038881.json - Plain text: https://secwatch.observer/filing/0000950170-24-038881.txt ## Key facts - Cybersecurity Incidents MARINEMAX INC disclosed a cybersecurity incident: A third party gained unauthorized access to a limited portion of the information environment associated with the retail business, exfiltrating limited data including customer and employee personally identifiable information. Impact: Containment measures resulted in some disruption to a portion of the business; operations continued in all material respects; the company has incurred certain expenses and continues to evaluate the full impact. Materiality is still being assessed. Discovered 2024-03-10. - Nature: A third party gained unauthorized access to a limited portion of the information environment associated with the retail business, exfiltrating limited data including customer and employee personally identifiable information. - Impact: Containment measures resulted in some disruption to a portion of the business; operations continued in all material respects; the company has incurred certain expenses and continues to evaluate the full impact. - Materiality: assessing - Discovery: 2024-03-10 source text: as of the date of this filing, the Incident has not had a material impact on the Company’s operations, and the Company is still in the process of determining whether the Incident is reasonably likely to materially impact the Company’s financial condition or results of operations. evidence_url: https://www.sec.gov/Archives/edgar/data/1057060/000095017024038881/0000950170-24-038881-index.htm This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.