BRP Systems Hack
BRP suffered a major hack of their global IT infrastructure
Immediately after the attack on 8/8 BRP's global network appeared to completely shut down. Manufacturing plants in several countries stopped production. We were unable to access BOSSWeb and our ability to deliver new units to customers was severely compromised. The ability to service Can-Am machines and Sea-Doo watercraft was also impacted. BRP was unable to take dealer calls or open cases. The size and scope of this hack was hard to comprehend as it appeared to effect every aspect of a global company with a market cap over $6 billion.
It was only today (8/24/2022) that we learned more about the scope of the attack and what types of information has been compromised. BRP reports that, following the recent cyberattack, information on certain employees and suppliers accessed by an unauthorized third party has been leaked on the dark web. They are stating that dealership and customer info has not been compromised but we are operating under that assumption that anything could have been stolen. That means that internally we are on the lookout for any types of emails supposedly coming from BRP.
At this point in time BOSSWeb is still down. From BRP:
BOSSWeb Access: As our teams work to restore access, we ask that you do not log onto BOSSWeb using any URLs or shared links in an attempt to submit any information.
It would seem they somehow lost control of either their domain or websites and this is allowing login info to be captured by illegitimate sources. We have directed our people to avoid BOSSWeb completely for now. It is important to understand that the hackers could easily have access to many BRP assets including graphics and templates making it easy to construct a credible phishing email.
BRP has made it a common practice to ship partially assembled units to dealers this year which has been an ongoing problem for dealers. We have units that are theoretically "shipped" but in reality are not deliverable to customers until the neccessary parts are received at a later date. Many, if not all, of our Can-Am and Sea-Doo units have been setting unable to be delivered as parts shipments ground to a halt after the 8/8 attack. We were told today that shipments of parts will resume at the end of this week but only for orders that were placed prior to 8/8. We are still unable to place new PA&A orders making it very difficult to service customer machines as well as deliver new ones.
We are doing what we can to keep our customers informed of the situation and to protect ourselves from any potential fallout.