Ferrari Skids Into A Data Breach Exposing Customer Details To A Ransomware Gang
A hacker or hackers were recently able to gain access to the Maranello based company's IT systems, demanding a ransom for the client info. Ferrari's press statement informs that "a threat actor with a ransom demand related to certain client contact details." The Italian auto brand assured that an immediate investigation was made in collaboration with a leading third-party cybersecurity firm.
Moreover, according to a notification email sent to its customers (like you and I, of course) adds that the breach exposed client information such as names, addresses, email addresses, and phone numbers, although it doesn't seem like financial information (like bank account or payment details) were part of the stolen information.
Since the attack, it seems like Ferrari was quickly able to secure the breached systems. Its media statement says that, "As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks." As an added reassurance, the company adds, "We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company."
Thankfully, this IT breach does not seem to have caused severe harm, but it does expose a common thread among global automakers: a lot of them suffer from massive data security gaps or loopholes. As recently as January, white hat (or ethical) hackers were able to prove how easy it is to penetrate, circumvent, and obtain data from BMW, Ferrari (yes, you read right), Ford, Jaguar-Land Rover, Mercedes-Benz, Porsche, and Rolls-Royce. The same group of white hatters had also found vulnerabilities in Honda, Hyundai, Nissan, and Toyota late last year. Also in December, Swedish company Volvo was involved in a ransomware attack, its second attack since 2021.
