Ferrari Done the dirty on me
Discussion
So woke up to this email today.
Does this mean some Russian gang knows where I live and I should expect to be robbed any day now for my car.
Bright side, no cards details taken though.
Dear Ferrarista,
We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment. As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.
We were recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom as paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks. Moreover, it does not fundamentally change the data exposure.
Upon receipt of the ransom demand, we started an investigation in collaboration with a leading global third-party forensics firm and have confirmed the data’s authenticity. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.
We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.
We take the confidentiality of our clients seriously and understand the significance of this incident and for this reason we have notified you promptly.
If you would like to contact Ferrari for additional information, please email us at customerservice@owners.ferrari.com or privacy@ferrari.com where a team will be able to assist you.
We would like to take this opportunity to apologise sincerely for this event and rest assured we will do everything in our power to regain your trust.
Yours sincerely,
Benedetto Vigna
Chief Executive Officer
Ferrari S.p.A.
Does this mean some Russian gang knows where I live and I should expect to be robbed any day now for my car.
Bright side, no cards details taken though.
Dear Ferrarista,
We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment. As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.
We were recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom as paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks. Moreover, it does not fundamentally change the data exposure.
Upon receipt of the ransom demand, we started an investigation in collaboration with a leading global third-party forensics firm and have confirmed the data’s authenticity. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.
We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.
We take the confidentiality of our clients seriously and understand the significance of this incident and for this reason we have notified you promptly.
If you would like to contact Ferrari for additional information, please email us at customerservice@owners.ferrari.com or privacy@ferrari.com where a team will be able to assist you.
We would like to take this opportunity to apologise sincerely for this event and rest assured we will do everything in our power to regain your trust.
Yours sincerely,
Benedetto Vigna
Chief Executive Officer
Ferrari S.p.A.
)I have sent them this email.
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig Dow
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig Dow
craig511 said:
I have sent them this email.
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig
What's the betting...Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig
"We are very sorry but due to GDPR regulations we are not at liberty to disclose that information."
Edited by SteveStrange on Tuesday 21st March 17:25
had this too, given the nature of most ferraris owners financial profile I think this is quite bad and should expect to be bombarded with investment scams etc
it's hard to realise the scope of what people can do with this information (depending on what it is) until a lot further down the line
it's hard to realise the scope of what people can do with this information (depending on what it is) until a lot further down the line
SteveStrange said:
craig511 said:
I have sent them this email.
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig
What's the betting...Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig
"We are very sorry but due to GDPR regulations we are not at liberty to disclose that information."
Edited by SteveStrange on Tuesday 21st March 17:25
Maybe all those affected should submit a Subject Access Request (SAR) to Ferrari at the same time and see what results they get back? Usually, complying with a SAR request can take some time and effort for businesses...
craig511 said:
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Seriously? Your "garage" is public on Pistonheads, you've just published your real name, yet you're concerned about Ferrari's breach which is probably mostly just people that have just bought merchandise online,I am concerned that criminals now know my address and that I have a Ferrari.
Gassing Station | Supercar General | Top of Page | What's New | My Stuff