Ferrari Customer Data Exposed by Ransomware Attack

Italian luxury car manufacturer Ferrari has confirmed that it was the victim of a ransomware attack that exposed its customers' personal information.

The carmaker stated that a threat actor accessed a limited number of systems in its IT environment. Ferrari CEO Benedetto Vigna sent a letter to affected customers in which he apologized for the incident and confirmed that clients' names, addresses, email addresses and telephone numbers were accessed.

Vigna further stated, "based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen." Ferrari also did not reveal the number of customers affected, how its systems were compromised, or the date of the attack.

The company added in a separate statement that it has not paid the undisclosed ransom demand and will not do so as it believes "as a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks."

In response to the attack, Ferrari said, "We immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law."

Ferrari refrained from disclosing the identity of the threat actor responsible in its statements. It also did not provide any comment regarding the potential connection between this data breach and an earlier alleged incident in October 2022, when the RansomEXX group claimed it had stolen and leaked 7GB of data from Ferrari.

Despite the breach not affecting the company's operations, Ferrari has taken steps to enhance its systems in collaboration with third-party experts. It is confident in its resilience and has reassured its customers in hopes of regaining their trust.