Luxury sports car manufacturer, Ferrari, has confirmed that it recently suffered a data breach resulting in a threat actor contacting the company with a ransom demand related to certain client contact details. The company claims that no ransomware was deployed on its systems and that the operational functions of the company have not been impacted.

However, the attackers did access a limited number of systems in the company's IT environment, resulting in the exposure of certain client data, including names, addresses, email addresses, and telephone numbers. Ferrari became aware of the breach after receiving the ransom demand and promptly notified its clients of the potential data exposure. The company has hired outside experts to help with the investigation and reinforcement of its systems. Ferrari has refused to pay the ransom, stating that paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks.

Clients affected by the data breach have been advised to be extra cautious with their personal information as attackers may use it to mount spear-phishing attacks. No payment details, bank account numbers, or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen, according to the company. It is unclear whether this cyber incident is related to a previous alleged attack by the RansomEXX ransomware gang that resulted in internal Ferrari documents, datasheets, repair manuals, and more being leaked online.