Ferrari Done the dirty on me
Discussion
So woke up to this email today.
Does this mean some Russian gang knows where I live and I should expect to be robbed any day now for my car.
Bright side, no cards details taken though.
Dear Ferrarista,
We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment. As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.
We were recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom as paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks. Moreover, it does not fundamentally change the data exposure.
Upon receipt of the ransom demand, we started an investigation in collaboration with a leading global third-party forensics firm and have confirmed the data’s authenticity. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.
We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.
We take the confidentiality of our clients seriously and understand the significance of this incident and for this reason we have notified you promptly.
If you would like to contact Ferrari for additional information, please email us at customerservice@owners.ferrari.com or privacy@ferrari.com where a team will be able to assist you.
We would like to take this opportunity to apologise sincerely for this event and rest assured we will do everything in our power to regain your trust.
Yours sincerely,
Benedetto Vigna
Chief Executive Officer
Ferrari S.p.A.
Does this mean some Russian gang knows where I live and I should expect to be robbed any day now for my car.
Bright side, no cards details taken though.
Dear Ferrarista,
We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment. As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.
We were recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom as paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks. Moreover, it does not fundamentally change the data exposure.
Upon receipt of the ransom demand, we started an investigation in collaboration with a leading global third-party forensics firm and have confirmed the data’s authenticity. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.
We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.
We take the confidentiality of our clients seriously and understand the significance of this incident and for this reason we have notified you promptly.
If you would like to contact Ferrari for additional information, please email us at customerservice@owners.ferrari.com or privacy@ferrari.com where a team will be able to assist you.
We would like to take this opportunity to apologise sincerely for this event and rest assured we will do everything in our power to regain your trust.
Yours sincerely,
Benedetto Vigna
Chief Executive Officer
Ferrari S.p.A.
I have sent them this email.
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig Dow
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig Dow
Here's their reply.
We have no evidence that your data were compromised as a consequence of the cyber incident or made publicly available. Even so, as of today, we cannot exclude that your contact data has not been accessed by the threat actor.
In this respect and based on our current information, we would like to draw your attention to the fact that - should any of your personal contact data have been accessed by the threat actor - the data would be limited to: client name, address(es), email(s) and telephone number(s)
As such, please rest reassured that no financial information was stolen such as payment details, bank account numbers, or other sensitive payment information, nor details of vehicles owned or ordered.
Furthermore, no passwords have been leaked in this incident and there is no specific need to change them.
We apologize again and thank you for your understanding.
Yours sincerely,
We have no evidence that your data were compromised as a consequence of the cyber incident or made publicly available. Even so, as of today, we cannot exclude that your contact data has not been accessed by the threat actor.
In this respect and based on our current information, we would like to draw your attention to the fact that - should any of your personal contact data have been accessed by the threat actor - the data would be limited to: client name, address(es), email(s) and telephone number(s)
As such, please rest reassured that no financial information was stolen such as payment details, bank account numbers, or other sensitive payment information, nor details of vehicles owned or ordered.
Furthermore, no passwords have been leaked in this incident and there is no specific need to change them.
We apologize again and thank you for your understanding.
Yours sincerely,
Gassing Station | Supercar General | Top of Page | What's New | My Stuff