21 March 2023

Ferrari discloses data breach, refuses to pay ransom demand


Ferrari discloses data breach, refuses to pay ransom demand

Italian luxury sports car maker Ferrari revealed it has suffered a data breach after it received a ransom demand from threat actors who compromised the company’s IT systems.

In a short statement regarding the incident Ferrari said that according to the company’s policy it “will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.”

The automaker said it has launched an investigation into the matter and informed “customers of the potential data exposure and the nature of the incident.”

In a letter sent to affected clients the company explained that a threat actor gained access to a limited number of its IT systems and some customer data, including names, addresses, email addresses, and phone numbers.

Ferrari says it found no evidence that sensitive payment details or information on Ferrari cars owned or ordered have been stolen in the attack.

It’s unclear if the recent hack is related to an October 2022 incident that saw a ransomware group known as “RansomEXX” claim to have breached the carmaker. More than 7GB of allegedly Ferrari internal documents were posted to the gang’s victim blog, including data sheets and repair modules.


Back to the list

Latest Posts

Cyber Security Week in Review: May 24, 2024

Cyber Security Week in Review: May 24, 2024

In brief: Google fixes Chrome zero-day, a backdoor found in JAVS software, and more.
24 May 2024
Chinese APTs increasingly using ORB networks to mask attack infrastructure

Chinese APTs increasingly using ORB networks to mask attack infrastructure

Mandiant reports that it is actively monitoring several ORB networks, with the most notable being SPACEHOP and FLORAHOX.
23 May 2024
Threat actors exploit vulnerable drivers to disable EDRs in cryptojacking attack

Threat actors exploit vulnerable drivers to disable EDRs in cryptojacking attack

Ghostengine deploys several modules to tamper with security tools, establish a backdoor, and ensure software updates are in place.
22 May 2024