Super sports car manufacturer Ferrari is notifying an unknown number of customers that their contact information is in the hands of crooks, after the Italian company received a ransom threat.
In a news release, Ferrari N.V. said it was recently contacted by a threat actor with a ransom demand “related to certain client contact details.” Upon receipt of the ransom demand, it immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, it brought in law enforcement authorities.
“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the statement says.
Security researcher Troy Hunt posted a copy of the letter that was sent to customers on his Twitter feed. “A threat actor was able to access a limited number of systems in our IT environment,” it says in part. Data accessed includes names, addresses, email addresses and phone numbers.
No customer payment information, bank account numbers or other sensitive information was accessed, the letter adds.
A list of Ferrari customers would be prized by crooks for phishing attacks because the car owners would be high net worth individuals. One of the most famous brand names in the world — let alone in sports cars — its limited production cars are prized by driving enthusiasts and collectors. Continental Ferrari, an Illinois Ferrari dealership, says a base Ferrari Roma would start at US$218,000. Limited edition cars would go for three times as much or more.
This is the not the first cyber attack reported on Ferrari. According to a news report, last October the RansomEXX claimed it had stolen 7GB of data. At the time the company said it had no evidence of a breach of its systems or of ransomware.