Italian sports car maker Ferrari said on Monday that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack.
“Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said. “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”
The company did not say when the incident occurred, but it could be related to reports of a ransomware attack back in October 2022, when the “RansomEXX” group claimed it had stolen and leaked 7 GB of data from Ferrari—which Ferrari denied at the time.
“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” Ferrari said in a statement on March 20. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”
In notifications sent via email to customers, Ferrari said the exposed information includes name, address, email address, and phone number. The company has found no evidence that financial information and details on owned or ordered cars have been compromised.
With Ferrari having one of the most expensive car lineups in the word, a contact list of wealthy customers is very attractive to cybercriminals and could give them the opportunity to customize malicious, targeted emails.
Ferrari said the breach has not impacted operational functions of the company and that it has worked with “third party experts” to boost the security of its systems.
While Ferrari did not mention RansomEXX in its statement, the ransomware gang has been connected to several other attacks, including logistics giant Hellmann Worldwide, software and services firm Tyler Technologies, and several others.
Related: Cyber Insights 2023 | Ransomware

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
