Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company’s IT systems.
“We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment,” Ferrari says in breach notification letters sent to customers.
While Italian luxury sports car maker said the attackers gained access to its network and the attackers demanded a ransom not to leak data stolen from its systems, Ferrari is yet to disclose if this was a ransomware attack or just an extortion attempt.
“Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details,” the company said in a statement.
“Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm.”
Ferrari says customer information exposed in the incident includes names, addresses, email addresses, and telephone numbers.
So far, Ferrari is yet to find evidence that payment details, bank account numbers, or other sensitive payment information was accessed or stolen.
No impact on Ferrari’s operations
Ferrari has taken measures to secure the compromised systems and says the attack has had no impact on the company’s operations.
After discovering the breach, Ferrari also reported the attack to relevant authorities and is working with a cybersecurity company to investigate the scope of the impact.
“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the company added.
“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”
A Ferrari spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Source: www.bleepingcomputer.com