Ferrari working with law enforcement after ransom demand from cybercriminals

A hacker contacted Ferrari and demanded a ransom for information stolen about their clients, prompting the Italian luxury sports car maker to contact law enforcement.

Ferrari director of communications Krista Florin declined to answer several questions about the incident, telling The Record that due to an “ongoing criminal investigation,” they are unable to share more information.

Ferrari would not say when they received the ransom demand, when the hack may have occurred or if it was connected to a ransomware incident. But in a statement published Monday evening, the company explained that they hired a cybersecurity firm after receiving the demand.

“Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details,” the company said. “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law. As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.”

Instead of paying the ransom, Ferrari said it preferred to notify customers about the potential data exposure and the nature of the incident.

The statement adds that the breach had no impact on the operation functions of the company.

In a letter to customers, Ferrari said a threat actor managed to access a "limited number of systems" in its IT environment – exposing the names, addresses, email addresses and phone numbers of clients. The company did not respond to requests for comment about how many customers were affected.

Ferrari has been breached.

Intel via @Malcoreio pic.twitter.com/vqT0LMEB6t

— vx-underground (@vxunderground) March 21, 2023

No financial or bank information was included in the breach.

Despite claiming that they are now working with third-party experts to “further reinforce” their systems and are “confident in their resilience,” this is the latest in a series of cybersecurity incidents allegedly affecting the company.

In October 2022, the ransomware group RansomEXX claimed to have stolen 7 GB of data from the company. The stolen documents allegedly included contracts, invoices, internal company information, repair manuals and more.

The company told The Record at the time that there was “no evidence of a breach of its systems or ransomware.”

Reuters reported on another 2021 incident where the Everest ransomware group successfully attacked Speroni, a parts supplier for Ferrari, Lamborghini and Maserati.

The announcement also comes just two months after a researcher discovered cybersecurity bugs in vehicles from Ferrari and others that could have allowed for the full takeover of vehicles.