Ferrari has a problem on its hands—and it isn’t missing the podium at the first two races of the Formula 1 season.
The Italian marque announced earlier this week that it had fallen victim to a “cyber incident” in which customer data was accessed by a third party. To make matters worse, the automaker also said the “threat actor” is now demanding ransom for the information—which it will not pay.
Ferrari informed customers about the breach on Monday, according to Bloomberg. In a message viewed by the financial news service, the Prancing Horse revealed that client names, addresses, e-mail addresses, and phone numbers were exposed during the incident. The marque made clear, though, that payment information and details about customers’ high-priced sports cars had not been stolen.
The breach has been referred to as a ransomware attack in much of the resulting news coverage, but it’s unclear if it actually is one. In a typical ransomware situation, the perpetrators will lock down access to files on a computer or a network and demand money to give control back to the company. Jalopnik points out that while Ferrari has said the exposed information is being held for ransom, the breach has had “no impact on operation functions” at the automaker, which is unusual for a ransomware attack.
In its message to customers, as well as another posted to its website, Ferrari has stated it will not meet the demand of the hackers. “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the automaker said. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”
Ferrari did not immediately respond to Robb Report‘s request for comment.
This isn’t the first data breach that Ferrari has suffered in recent months. This past October, the marque announced seven gigabytes of leaked internal documents had been discovered online. At the time, the automaker stated it had no reason to believe it was the victim of a cyber attack, despite local news coverage reporting otherwise. Citing ongoing investigations, Ferrari has so far declined to say whether the two incidents may be connected.