Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems.
"We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," Ferrari says in breach notification letters sent to customers.
While Italian luxury sports car maker said the attackers gained access to its network and the attackers demanded a ransom not to leak data stolen from its systems, Ferrari is yet to disclose if this was a ransomware attack or just an extortion attempt.
"Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details," the company said in a statement.
"Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm."
Ferrari says customer information exposed in the incident includes names, addresses, email addresses, and telephone numbers.
So far, Ferrari is yet to find evidence that payment details, bank account numbers, or other sensitive payment information was accessed or stolen.
No impact on Ferrari's operations
Ferrari has taken measures to secure the compromised systems and says the attack has had no impact on the company's operations.
After discovering the breach, Ferrari also reported the attack to relevant authorities and is working with a cybersecurity company to investigate the scope of the impact.
"As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks," the company added.
"Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident."
A Ferrari spokesperson declined to provide more details regarding the incident "due to the ongoing criminal investigation."
Update March 21, 13:10 EDT: Added Ferrari statement.
Comments
johnlsenchak - 1 year ago
Like everyone owns a Ferrari !
h_b_s - 1 year ago
The type of people in Ferrari's audience matter. Rich people are far more likely to individually sue with more skilled lawyers over something like this as a matter of principle because they have the disposable funds to do so.
TimMcP - 1 year ago
By far the data exfiltrated will be about people who have bought branded Ferrari merchandise, rather than vehicles, because it's the former you can buy via the web site. If you want a car, you fill out the 'enquire' button. It's not like you can order a Roma Spider online and put your credit card details in.