author photo
By Cam Sivesind
Wed | Mar 22, 2023 | 4:35 AM PDT

Ferrari has disclosed a data breach following a ransom demand received from attackers that gained access to some of the company's IT systems.

While the luxury sports car maker said the attackers gained access to its network and then demanded a ransom not to leak data stolen from its systems, Ferrari is yet to disclose if this was a ransomware attack or just an extortion attempt.

"Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details," the company said in a statement. "Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm."

Ferrari says customer information exposed in the incident includes names, addresses, email addresses, and telephone numbers. So far, Ferrari is yet to find evidence that payment details, bank account numbers, or other sensitive payment information was accessed or stolen.

Here's what a few cybersecurity vendor representatives have to say about the incident.

According to Casey Ellis, Founder and CTO of Bugcrowd:

"As is true with their cars, news of a breach raises eyebrows immediately. But outside of that, so far, there isn't anything extraordinary about this. Ransom-style attacks focus on targets who have the combination of money, and urgency maintain their operations if interrupted, and a luxury car brand fits both of those criteria."

Andrew Barratt, Vice President at Coalfire, said:

"This looks very much like a 'stock' disclosure from Ferrari. With a brand as prominent as the car that carries the Cavallino Rampante, it's important to note that the value of the data stolen here is incredibly high. Ferrari customers are typically very high net worth individuals, so this data breach is almost the 'platinum card' of data sets compromised. The individuals affected will need very specific support to ensure they're not subjects of highly targeted cybercrime."

Heath Renfrow, Co-Founder of Fenix24, said:

"Extortion tactics in ransomware increased dramatically from 2021 to 2022; by late 2022, data theft was involved in nearly 90% of the ransomware cases we remediate in our practice. The lines are getting blurred between ransomware and extortion, since these actors use tactics both together and interchangeably. Since by some metrics, ransom payments have gone down, these extortionate tactics ensure the threat actor is reward for their criminal activity.

Unfortunately for the victim organization, these sensitive data exposures greatly increase the destruction of the breach through public brand damage, forensics data discovery costs, public notification requirements, and legal fees. The best course of action for organizations going forward is to assess their enterprises for ransomware vulnerabilities and backup resiliency, because these bad actors aren't going away anytime soon."