A few hours ago, Ferrari made an official statement revealing an informational breach. The press release comes after the company received a ransom demand about “certain client contact details”.
After the unnamed threat actor managed to break into some of the company’s IT systems and contacted the automaker with the said demand, Ferrari launched an investigation together with a top cybersecurity partner, while having also informed the “relevant authorities”.
In the release, the company states it will not accept the ransom request, “as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,“.
The carmaker has already notified its customers about the data breach while stating this didn’t interfere with its operational functions. At the time of the release, Ferrari stocks (NYSE: RACE) had closed the day—march 20,2023—at $262,48, a 1.27% increase.
In letters sent to its customers, which have made their way to social media, the company mentions that the exposed data may include names, addresses, e-mail addresses, and telephone numbers.
However, according to the said investigation, this doesn’t include payment details, bank account numbers, or other sensitive payment information, nor details of Ferrari vehicles owned or ordered.
At the moment, it’s not clear if this breach is related to the ransomware attack Ferrari suffered in October 2022—neither the press release nor the customer letters mention anything about this.
Back then, a cyber gang named RansomEXX leaked 7 GB of stolen Ferrari data on the Red Hot Cyber website. The move came just days after the company’s F1 team had reached a sponsorship deal with cybersecurity provider Bitdefender.