Ransomware attack exposed Ferrari customer data

Image via Pixabay

Italian car manufacturer Ferrari confirmed this week it was the target of a ransomware attack.

According to Ferrari, the company was recently contacted by a threat actor with a ransom demand related to certain client contact details. As soon as the ransom demand was made, Ferrari started an investigation in collaboration with a third-party cybersecurity firm. The company also notified all relevant authorities.

“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks, Ferrari said in a statement. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”

According to a letter sent to customers, posted to Twitter by Microsoft Regional Director Troy Hunt, certain data related to clients were exposed including names, addresses, email addresses and telephone numbers. However the company’s investigation revealed no payment details or bank account numbers were stolen. Ferrari also confirmed the breach had no impact on the company’s operational functions.

“Ferrari takes the confidentiality of our clients very seriously and understands the significance of this incident,” the company stated. “We have worked with third party experts to further reinforce our systems and are confident in their resilience.”

Cybersecurity leaders weigh in

“As is true with their cars, news of a breach raises eyebrows immediately — but outside of that, so far, there isn’t anything extraordinary about this,” commented Casey Ellis, Founder and CTO at Bugcrowd. ”Ransom-style attacks focus on targets who have the combination of money and urgency to maintain their operations if interrupted, and a luxury car brand fits both of those criteria.”

“With a brand as prominent as the car that carries the Cavallino Rampante, it's important to note that the value of the data stolen here is incredibly high,” added Andrew Barratt, Vice President at Coalfire. “Ferrari customers are typically very high net worth individuals, so this data breach is almost the 'platinum card' of data sets compromised. The individuals affected will need very specific support to ensure they're not subjects of highly targeted cybercrime.”

“Extortion tactics in ransomware increased dramatically from 2021 to 2022; by late 2022, data theft was involved in nearly 90% of the ransomware cases we remediate in our practice,” said Heath Renfrow, Co-Founder of Fenix24. “The lines are getting blurred between ransomware and extortion, since these actors use tactics both together and interchangeably. Since by some metrics, ransom payments have gone down, these extortionate tactics ensure the threat actor is rewarded for their criminal activity. Unfortunately for the victim organization, these sensitive data exposures greatly increase the destruction of the breach through public brand damage, forensics data discovery costs, public notification requirements, and legal fees. The best course of action for organizations going forward is to assess their enterprises for ransomware vulnerabilities and backup resiliency, because these bad actors aren’t going away anytime soon.”

Rachelle Blair-Frasier is Security magazine’s Managing Editor. Blair-Frasier handles eMagazine features, as well as writes and publishes online news and web exclusives on topics including physical security, risk management, cybersecurity and emerging industry trends. She helps coordinate multimedia content and manages Security magazine's social media presence, in addition to working with security leaders to publish industry insights. Blair-Frasier brings more than 15 years of journalism and B2B writing and editorial experience to the role.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.