Luxury carmaker Ferrari announced on Monday that it has been targeted by a ransomware attack in which customer contact details may have been exposed. The company said it received a ransom demand related to the incident and has launched an investigation with the help of a leading global cybersecurity firm.
Although Ferrari did not specify when the attack took place, it could be linked to a previously reported incident in October 2022, when the "RansomEXX" group claimed to have stolen and leaked 7 GB of data from the company. Ferrari denied the allegations at the time.
"As a matter of policy, Ferrari does not negotiate with ransomware attackers, as paying ransom only serves to perpetuate criminal activity," the company said in a statement. "Instead, we have notified our customers about the potential data exposure and have taken steps to boost the security of our systems."
Ferrari has sent notifications to its customers by email, informing them that their name, address, email address, and phone number may have been compromised. The company has confirmed that there is no evidence that financial information or details of owned or ordered cars have been impacted.
The breach is a reminder that wealthy individuals are prime targets for cybercriminals, who can use the exposed information to create customized phishing emails.
If you're concerned about the security of your own business, consider scheduling a FREE consultation for our Managed Detection & Response service. Our expert team can help you detect and respond to potential cyber threats before they become a problem. Contact us today to learn more.
Despite the attack, Ferrari says its operations have not been affected, and it has worked with third-party cybersecurity experts to enhance the security of its systems.
While Ferrari did not explicitly mention the "RansomEXX" group in its statement, the gang has been linked to several other high-profile attacks, including those on logistics giant Hellmann Worldwide and software and services firm Tyler Technologies.