Ferrari disclosed a data breach after the company received a ransom demand related to “certain client details” after attackers gained access to a limited number of systems in its IT environment.
While Ferrari hasn’t disclosed exactly what data was breached, how the attackers got in, or what’s the ransom amount, the company did confirm that exposed customer details include names, addresses, email addresses and phone numbers.
It has started investigating the incident “in collaboration with a leading global third-party cybersecurity firm”. The Italian sports car maker is yet to find any evidence of sensitive information leaks such as payment details, bank account numbers or other sensitive financial information.
Relevant law enforcement agencies have also been informed and Ferrari is “confident they will investigate to the full extent of the law”.
The prancing horse has refused to pay the ransom as a matter of policy and has worked with third-party experts to reinforce its systems. The company further justified its decision of not paying the ransom by saying that paying for such demands can continue to fund criminal activity, in addition to not fundamentally changing the data exposure.
The notification sent to customers also stated that the breach had no impact on company operations.
This isn’t the first time Ferrari has been attacked either. Its most recent excursion with cybercriminals came against RansomEXX. The ransomware gang stole 7 GB of data from Ferrari in October 2022. Ferrari denied the attack at the time, stating that it had no evidence of a system breach or ransomware attack.
While there’s some speculation that the ransom demand could be for this attack, it’s unlikely that is the case, especially considering the RansomEXX attack made headlines at the time and it’s been five months since.
Data breaches like this can have far-reaching consequences, especially for a brand like Ferrari that not only serves high-profile clients but also runs a Formula 1 team, where internal secrets can make a huge difference in the recently started 2023 season.
In the News: Greek spy agency wiretapped Meta’s employee for nearly a year