The breach compromised some of Ferrari’s IT systems, after which the company received a ransom demand from hackers. The hackers claimed they accessed several systems in Ferrari’s IT environment.
In breach notification letters sent to customers, Ferrari regretted the incident and informed them that the customer information exposed included names, addresses, email addresses, and telephone numbers.
However, the company has not found evidence that payment details, bank account numbers, or other sensitive payment information were accessed or stolen.
The incident could be related to an October 2022 ransomware attack. Reports at the time said the RansomEXX group claimed to have stolen and leaked 7 GB of data from Ferrari. Ferrari denied the reports then, but the latest data breach announcement suggests that the company’s IT systems may not have been as secure as it claimed.
Ferrari has taken measures to secure the compromised systems and says the attack has not impacted the company’s operations. The luxury car maker has also reported the attack to relevant authorities and is working with a cybersecurity company to investigate the scope of the impact.
Ferrari has stated that it will not pay the ransom demand, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks. Instead, the company believes that the best course of action was to inform its clients, and it has notified its customers of the potential data exposure and the nature of the incident.