Maranello-based maker of all things exotic and on four wheels, Ferrari informed clients late last night that they, and subsequently owners, have been victim(s) of a ransomware attack.
In addition to Ferrari’s statement that quotes that the organisation had been, “contacted by a threat actor with a ransom demand related to certain client contact details,” a further notification sent to “Ferrarista”s noted that “certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.”
After sharing the image on Twitter, security and cloud development professional Troy Hunt posed an interesting question:
Is this the same incident RansomEXX was responsible for in October? Surely not if it was in the news then and they're sending this email 5 months later? https://t.co/Hd8Ry34OHH pic.twitter.com/GNTlFid6ec
— Troy Hunt (@troyhunt) March 20, 2023
Troy is referring to a 7GB data breach that Ferrari fell victim to in October of 2022 that saw internal documents, data sheets, repair manuals, and more absconded by outside parties.
Perhaps not, and the two could be completely separate incidents, but it does leave for a scratching of heads, particularly when considering that we’re talking about the company behind the winningest F1 team of all time, the producers of a base model car that starts at $226,570, and developers of an EV that is expected to launch in 2025 at a cost of $321,000.