One of the world’s best-known luxury car manufacturers has informed customers that their personal data may have been stolen, after a threat group tried to extort the company.
Ferrari said in a brief statement published yesterday that the “ransom demand related to certain client contact details.”
It claimed to have informed the “relevant authorities” and enlisted the help of a third-party security company to ascertain what happened.
“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” it argued.
“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”
Read more about ransom payments: Ransomware Payments Fall by 40% in 2022.
That message to affected Ferrari customers by CEO, Benedetto Vigna, was posted online by Troy Hunt, founder of the HaveIBeenPwned breach notification site.
It describes the attackers as being able to access a “limited number of systems” in the firm’s IT environment.
No financial or vehicle details were stolen, but the hackers may have been able to access names, addresses, email addresses and telephone numbers, Vigna said.
It’s unclear how many customers were affected or which threat group tried to extort the sports car giant.
However, last October, a group known as RansomEXX posted online 7GB of allegedly stolen internal Ferrari data, including data sheets and repair manuals.
“Ferrari takes the confidentiality of our clients very seriously and understands the significance of this incident,” the firm said of this week’s incident.
“We have worked with third-party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.”
Editorial image credit: yousang / Shutterstock.com