Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Ferrari Says Ransomware Attack Exposed Customer Data

Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations.

Ferrari website vulnerability

Italian sports car maker Ferrari said on Monday that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack.

“Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said. “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”

The company did not say when the incident occurred, but it could be related to reports of a ransomware attack back in October 2022, when the “RansomEXX” group claimed it had stolen and leaked 7 GB of data from Ferrari—which Ferrari denied at the time.

“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” Ferrari said in a statement on March 20. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”

In notifications sent via email to customers, Ferrari said the exposed information includes name, address, email address, and phone number. The company has found no evidence that financial information and details on owned or ordered cars have been compromised.

With Ferrari having one of the most expensive car lineups in the word, a contact list of wealthy customers is very attractive to cybercriminals and could give them the opportunity to customize malicious, targeted emails.

Ferrari said the breach has not impacted operational functions of the company and that it has worked with “third party experts” to boost the security of its systems.

Advertisement. Scroll to continue reading.

While Ferrari did not mention RansomEXX in its statement, the ransomware gang has been connected to several other attacks, including logistics giant Hellmann Worldwide, software and services firm Tyler Technologies, and several others.

Related: Cyber Insights 2023 | Ransomware

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.