Skip to main content
boat on a lake

National Boat Owners Association Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating an alleged data breach targeting the National Boat Owners Association (NBOA), a U.S.-based organization established to support recreational boaters. The INC Ransom ransomware group has claimed responsibility for the incident and the ransomware group has published file listings for some of the victims, detailing the types of information allegedly exfiltrated.

NBOA has not confirmed the breach, but since the entity has hundreds of thousands of members, the potential compromise of personal information raises significant privacy concerns. Contact our experienced attorneys to learn more about the next steps you can take following a data theft incident and to discuss possible legal action. We represent plaintiffs in all fifty states.

What Happened at the National Boat Owners Association?

INC Ransom claims to have infiltrated NBOA’s internal systems, stealing data that may include member many types of data. Allegedly leaked data from the National Boat Owners Association (NBOA) includes the following:

  • Accounting and budget files
  • Tax documents, including personal and federal tax returns
  • Balance sheets and income statements
  • Personal user folders containing mortgage approval documents and W2s
  • Insurance policy and claims information

The group’s tactic typically involves encrypting company IT systems and threatening to leak stolen data unless a ransom is paid, a strategy that pressures organizations to act quickly. The lack of confirmation is not unusual in the early stages of such incidents, as companies often conduct internal investigations before public disclosure. However, the claim’s timing aligns with INC Ransom’s recent activity, including other victim postings this week, including the following claims:

  • Hitachi T&D Solutions, Inc.: A U.S.-based premier international supplier of high-voltage electrical equipment.
  • CSaaS: A U.S. software and managed IT services company offering custom-hosted solutions.
  • HeartLine Oklahoma: A non-profit organization in the U.S. that connects community members to health, housing, and other essential services.
  • DTX Studio: A California-based software company that provides products for dental professionals.

The potential exposure of NBOA members’ personal data carries substantial privacy risks. Membership records could contain personally identifiable information (PII) such as names, addresses, phone numbers, email addresses, and possibly financial details tied to membership fees or insurance services. For an organization focused on boat ownership, data might also include boat registration numbers or insurance policy information.

One immediate risk is identity theft, where attackers use stolen PII to open fraudulent accounts, apply for loans, or file false tax returns. The inclusion of financial data heightens the threat of financial fraud. As investigations continue, National Boat Owners Association are urged to remain vigilant and to contact an attorney if you believe your personal data may have been stolen in this attack. Compensation may be available for a entire class of plaintiffs.