Luxury sports car manufacturer Ferrari has announced that a currently unknown threat actor has gotten hold of their customer data and is attempting to extort the company. Typically, this type of data extortion goes alongside a ransomware event, but Ferrari stated that there was no impact on the “operational functions” of the company.

The stolen data includes names, addresses, email addresses and phone numbers. Such data would be useful to car thieves and cybercrime gangs alike as they could use the data to plan physical thefts of vehicles or cyber-attacks against Ferrari's customer base. Ferrari has engaged a security vendor to perform incident response activities.

The ransom amount is unknown, but the company stated in a letter to customers:

As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks. Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.

Three different versions of the letter to customers could be found on the Ferrari website. However, there were only grammatical differences between v1, v2 and v3; nothing significantly different from a reporting perspective.

Historical targeting

In October 2022, a group called RansomEXX claimed that they had compromised Ferrari and stolen 7GB of data which was data of an operational nature. It's currently unclear if the two incidents are linked.

As more information comes to light, this story will be updated.