Ferrari confirms customer data breached following ransomware attack

Ferrari logo on car bodywork
(Image credit: Shutterstock.com / Cineberg)

Italian luxury sportscar maker Ferrari has suffered a ransomware attack that saw sensitive customer data stolen. 

A press release published on the Ferrari website, as well as an email the company sent to affected customers, confirmed that following a cyber-incident, the Ferrari Italian subsidiary was contacted by a threat actor, demanding that the ransom demand be paid.

“Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law,” the press release noted.

No impact on operations

Elsewhere in the release, Ferrari said it would not be making any payments, as that would only motivate the attackers more, and give them money to conduct additional attacks.

“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident," it said.

In the notification sent to Ferrari customers, the company said a threat actor "was able to access a limited number of systems in our IT environment." The data the hackers took includes sensitive information such as names, postal addresses, email addresses, and telephone numbers. Payment details, bank account numbers, or other sensitive payment information is most likely safe, as there’s no evidence (so far) that they’ve been taken, too.

Ferrari concluded the notification by saying that the attack did not impact its operations in any way. 

While the company’s move is commendable, there are certain details that have been left out, like the name of the threat actor behind the attack, and whether or not this has anything to do with the recent GoAnywhere MFT fiasco. Furthermore, the company did not say how much money the attackers are demanding in exchange for the data. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.