Ferrari Hit With Ransomware Attack, Customer Data Stolen

Ferrari was also targeted by threat actors in 2022 just days after its F1 team announced a sponsorship by a leading cybersecurity firm.
Ferrari F8 Tributo
via Ferrari

Share

In a note to customers sent out Monday afternoon, Italian supercar manufacturer Ferrari disclosed it was recently the victim of a ransomware attack that may have disclosed certain personal information about its clients.

The automaker says it was made aware of the attack after it was contacted by hackers that demanded a ransom payment for customer data. Ferrari says that the information exposed included customer names, addresses, email addresses, and phone numbers—more sensitive details such as payment information or the details of ordered vehicles do not appear to have been included in the leaked information.

Ferrari SF90 Stradale

Ferrari says it was able to work with a third-party cybersecurity firm to confirm the data’s authenticity. Moreover, it declined to pay the ransom, as the customer data had already been exposed, and paying the requested money would not change that. Ferrari’s approach to declining a ransom payment has gained traction in the cybersecurity industry in recent years, as paying for data increases the chance that an organization will be victimized again, sometimes by the same threat actor, according to a report by Cybereason.

The automaker says it reported the incident to authorities and worked with third-party providers to “further reinforce [its] systems.” Ferrari claims that the data breach has had no impact on the company’s operational functions.

This isn’t the first time that a threat actor has claimed to have compromised Ferrari.

Back in October 2022, just days after Ferrari announced its Formula 1 partnership with Cybersecurity software provider Bitdefender, ransomware group RandomEXX claimed it stole 7 GB of data from the Italian automaker, including data sheets, internal documents, and more. Ferrari denied being the victim of a ransomware attack at the time and claimed it had no evidence of a breach or disruption.

It’s not clear if the two events are related, though it would be difficult to imagine Ferrari would wait five months to inform customers of a breach, especially given the EU’s strict data privacy laws. However, it is possible that Ferrari didn’t find evidence of a suspected breach during the October incident, or was only able to recently confirm data loss. In Ferrari’s statement, the automaker’s language suggested that it had already worked with a third party to perform incident response and remediation, a task which can take weeks, months, or longer depending on the size of the company and severity of the breach. The company further declined to comment on either breach, citing an ongoing criminal investigation.

Got a tip or question for the author? Contact them directly: rob@thedrive.com