Italian carmaker Ferrari says it will refuse to pay a ransom after an unspecified threat actor broke into its IT systems and stole customer data
Supercar manufacturer Ferrari has warned customers that their personal data may be at risk after a limited number of its IT systems were compromised and information exfiltrated by an as-yet unspecified threat actor.
The Maranello, Italy-based firm reached out to those involved on Monday 20 March. In a letter to customers – a verified copy of which has been seen by Computer Weekly – chief executive Benedetto Vigna said the exposed data included names, addresses, email addresses and telephone numbers.
Vigna reassured customers that based on the current state of the investigation, the organisation was confident that no customer financial data, nor data on any of their vehicles, had been compromised.
In a public statement, a Ferrari spokesperson said the organisation had been contacted by the threat actor with a ransom demand related to “certain client contact details”. The organisation did not identify the threat actor involved.
“Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cyber security firm. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law,” said the spokesperson.
“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.