2023 has seen its fair share of data breaches within the first few months. Unfortunately, threat actors don’t seem to be stopping any time soon. Their main aim is to target big companies. Even names like Dish Network and Activision fell victim to cyberattacks. Now, none other than Ferrari joins the mix.
When a company discloses a data breach, everyone involved should take proper precautions immediately. It took Ferrari a ransom demand to disclose the attack. Does that mean that the damage has already been done?
Ferrari is one of the biggest luxury sports car makers in the world, which means that the breach itself is could be huge and very impactful. Here’s what we know about it.
A Ransom Note – Ferrari’s IT Systems Compromised
When it comes to cybercrime, the bigger the company is, the more impactful the breach becomes. We’re referring to the data of millions of customers.
For example, about a month ago, Pepsi Bottling Venture’s systems were compromised as cybercriminals managed to install info-stealing malware and harvested crucial information from its IT department.
Ferrari is no different. As of 2021, Ferrari became the 10th-largest car manufacturer by market capitalization.
A breach in such a company can do a lot, especially since the customer information harvested in the attack includes addresses, phone numbers, names, and email addresses:
“We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment.”
With email addresses and telephone numbers, cybercriminals have so many options for their next strike. They can use emails for phishing attacks and numbers for Smishing.
In a statement, the Italian company explained further what the breach is all about and how it is handling it. It’s also working with cybersecurity firms to investigate deeper into the matter:
“Maranello (Italy), 20 March 2023 – Ferrari N.V. (NYSE/EXM: RACE) (“Ferrari”) announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details.
Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm.
In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”Source: Ferrari
Most companies negotiate with cybercriminals to pay a ransom. We definitely don’t blame them, as there’s too much at stake in terms of sensitive information.
However, according to Ferrari’s statement, the company won’t be doing so. It states that complying with such demands funds criminal activity, which aids threat actors in future malicious endeavors. Ferrari won’t be aiding them in that.
Beware of Phishing! The Ferrari Breach Aftermath
As we mentioned, the harvested data is more than enough for cybercriminals to start a new phishing campaign. Now that Ferarri denied the threat actors their ransom, they’re going to retaliate.
They’ll either release the data to the public, where other cybercriminals can benefit, or perform the phishing attacks themselves. Let’s hope it’s neither. For the time being, just stay vigilant when you receive any email from Ferrari.