An unknown threat actor has hacked the Italian luxury automaker Ferrari and is now demanding a ransom in exchange for certain client contact details.
The sports and race car manufacturer announced what it is calling a “cyber incident” on its website Monday.
“Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details,” the statement said.
The company said it will not succumb to the hacker's demands.
“As a policy, Ferrari will not be held to ransom, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the luxury company said.
“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident,” Ferrari said.
Considering the typical cost of a Ferrari ranges from more than $200,000 to over $600,000, according to one of the brand's official dealers, clients most likely represent a who's who of the world's wealthiest.
Based in Maranello, Italy, it appears the automaker was not aware they had been breached until they were contacted by the hacker.
The breach occurred through a third-party vendor hosting consumer data on a public cloud server.
"Here is your most current reminder that every third party with access to a manufacturer's data represents a potential avenue for cyberattack.
Nissan North America on January 16 reported to the Office of the Maine Attorney General a data breach that affected 17,998 people (785 of which live in Maine). According to the report, the breach originally occurred on June 21, 2022, and was discovered on September 26, 2022. Customer notifications began going out on December 19, 2022.
According to BleepingComputer and as reported by Nissan in said customer notifications, the breach originated with a third-party software development vendor that had used Nissan's customer data for development and testing purposes."
"The vulnerabilities could let attackers remotely track, stop or control a car -- even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems.
In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interface, or APIs, that automakers rely on so technology inside cars can interact. The vulnerabilities affected Ford, Toyota, Mercedes, BMW, Porsche, Ferrari, and others."