The Italian automaker's firewalls have been penetrated, but it's playing hardball with the hackers.
In a press release on its corporate website and via private letters sent to customers, one of which CarBuzz has seen, Ferrari has confirmed that it has been the victim of a ransomware-based cyberattack. The letter we saw was signed by Ferrari CEO Benedetto Vigna and says that "certain data relating to our clients was exposed, including names, addresses, email addresses, and telephone numbers." Thankfully, the letter adds that its investigation has found no evidence of more sensitive information being leaked, such as payment details or bank account numbers. Ferrari also says that details on Ferrari cars owned or ordered have not been obtained by the criminals either, so don't fret if you recently placed an order for the new Roma Spider.
Upon receiving a demand from "a threat actor with a ransom demand," Ferrari started an investigation with the help of "a leading global third-party cybersecurity firm" and alerted the relevant authorities. As this last bit suggests, Ferrari is not bending to the demands of these hackers and says that its firm policy is to refuse such demands, as they fund criminal activity and enable more attacks.
"Instead, we believed the best course of action was to inform our clients." We agree. Just as many governments refuse to negotiate with terrorists because it would set a precedent others would follow, Ferrari is opting not to pay up because it would have to do so every time such an attack happened, which hopefully will not be for some time.
As you'd expect, Ferrari has enlisted the help of experts to reinforce its systems and feels confident that future breaches are highly unlikely.
With the digitalization of every industry, opportunities for the nefarious to obtain private information or otherwise disrupt normal life are in abundant supply. The government has said as much, with the NHTSA forced to update its guidelines on safety measures pertaining to connectivity features. Hackers have attacked EV charging stations and gas stations in equal measure, and Ferrari is just the latest automaker to suffer following attacks on Volvo, Toyota, Nissan, General Motors, and Honda. In the case of Honda, this was serious enough to necessitate a temporary shutdown at some of its North American factories.
Unfortunately, this is just a part of doing business in the digital age. As security improves and new processes are integrated, hackers quickly adapt and find new ways of extorting companies or disrupting their operations. Perhaps we should all go back to basic cars whose only type of connection is that the tires have with the road.
Join The Discussion