Ferrari Done the dirty on me
Discussion
craig511 said:
I have sent them this email.
Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig Dow
Whilst it is highly annoying I am sure, these crims make their money out of blackmailing similar corporations and them paying the ransom. Good Morning,
I was very concerned to read your email this morning about the data breach.
I am concerned that criminals now know my address and that I have a Ferrari.
Can you confirm exactly what details you hold on me and which of those are now in the hands of the "hackers".
Regards,
Craig Dow
The likelihood of one of them turning up in the middle of the night to nick your Ferrari is tiny.
They are more likely state-sponsored criminals working in an office and can most likely afford to buy your Ferrari off the back off other lucrative hacks.
My life insurance provider was hacked, the perps obtained similar details. As well as an apology. they voluntarily provided 2yrs free CIFAS protective registration, to protect my credit history from potential fraud, which normally costs 25 quid. It's the least Ferrari could do, to offer to pay for this for you.
https://www.cifas.org.uk/pr
As it was I was never 'pinged' for anything, I'm clearly not worthy!
Mr Moley said:
I got the same email
I'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
Funnily enough I’m just the reverse - only had a very few spam emails recently so can only assume you have a much better address !I'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
I work in IT and part of my role is selling security services and products so I'd been reading up on this over the last couple of days. What makes it worse is that it's the second time Ferrari have been breached in the last 6 months and on this occasion they didn't even know they'd been breached until the hacker made their demand...
alscar said:
Mr Moley said:
I got the same email
I'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
Funnily enough I’m just the reverse - only had a very few spam emails recently so can only assume you have a much better address !I'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
Mr Moley said:
I got the same email
I'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
this is more than a coincidenceI'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
exactly the same here, with 88 spam emails so far today
Here's their reply.
We have no evidence that your data were compromised as a consequence of the cyber incident or made publicly available. Even so, as of today, we cannot exclude that your contact data has not been accessed by the threat actor.
In this respect and based on our current information, we would like to draw your attention to the fact that - should any of your personal contact data have been accessed by the threat actor - the data would be limited to: client name, address(es), email(s) and telephone number(s)
As such, please rest reassured that no financial information was stolen such as payment details, bank account numbers, or other sensitive payment information, nor details of vehicles owned or ordered.
Furthermore, no passwords have been leaked in this incident and there is no specific need to change them.
We apologize again and thank you for your understanding.
Yours sincerely,
We have no evidence that your data were compromised as a consequence of the cyber incident or made publicly available. Even so, as of today, we cannot exclude that your contact data has not been accessed by the threat actor.
In this respect and based on our current information, we would like to draw your attention to the fact that - should any of your personal contact data have been accessed by the threat actor - the data would be limited to: client name, address(es), email(s) and telephone number(s)
As such, please rest reassured that no financial information was stolen such as payment details, bank account numbers, or other sensitive payment information, nor details of vehicles owned or ordered.
Furthermore, no passwords have been leaked in this incident and there is no specific need to change them.
We apologize again and thank you for your understanding.
Yours sincerely,
Funk said:
I work in IT and part of my role is selling security services and products so I'd been reading up on this over the last couple of days. What makes it worse is that it's the second time Ferrari have been breached in the last 6 months and on this occasion they didn't even know they'd been breached until the hacker made their demand...
Is this all cover for hackers having been paid by some nefarious organisation to change key F1 team Wind Tunnel & CFD data?Frankly, I doubt they give a s
t...
Sept 3rd 2020, Email from Ferrari.com to "Manage your newsletters and GDPR consent". No consent given prior to this.
Sept 3rd 2020, All newsletters deselected. "I DISAGREE" selected to all three options (Marketing Ferrari S.p.A, Profiling, Marketing Ferrari Group)
Sept 8th, 2020, Email from Ferrari.com to "Rediscover unmatched driving pleasure"... "You are receiving this email because you provided Ferrari S.p.A. with your consent." - I did not provide Ferrari S.p.A. with consent.
Over the subsequent couple of months I also received a number of sales cold calls and emails, relating to the F8 Tributo and Portofino M, from two different Ferrari dealers (i.e. supplying/servicing). I had to confirm on two calls, and in two emails, that I did not wish to be contacted before it eventually stopped.
t...Sept 3rd 2020, Email from Ferrari.com to "Manage your newsletters and GDPR consent". No consent given prior to this.
Sept 3rd 2020, All newsletters deselected. "I DISAGREE" selected to all three options (Marketing Ferrari S.p.A, Profiling, Marketing Ferrari Group)
Sept 8th, 2020, Email from Ferrari.com to "Rediscover unmatched driving pleasure"... "You are receiving this email because you provided Ferrari S.p.A. with your consent." - I did not provide Ferrari S.p.A. with consent.
Over the subsequent couple of months I also received a number of sales cold calls and emails, relating to the F8 Tributo and Portofino M, from two different Ferrari dealers (i.e. supplying/servicing). I had to confirm on two calls, and in two emails, that I did not wish to be contacted before it eventually stopped.
Mr Moley said:
I'd noticed over the past few weeks that the level of spam incoming to my personal email was off the scale compared to anything I'd seen previously, including some that was relatively sophisticated. Could be a coincidence....
It is a unique email address I provided to Ferrari/the dealers. So far - no SPAM to that email address.markiii said:
PurpleTurtle said:
the likelihood of one of them turning up in the middle of the night to nick your Ferrari is tiny.
I'd suggest the likelyhood of it being sold to someone who will is extremely highMost will be garaged/secure parked as a matter of course anyway. The idea that there is a bunch of specialist thieves just waiting to find out Ferrari owners addresses so they can go and steal to order is just pie in the sky. If they really want it they'll just lob a GPS tracker on it and tail it to the owner's home, or (better) a place of insecure parking and nick it it from there.
If this were me, I wouldn't be think I was at increased risk of vehicle__ theft, but would be at increased risk of __identity theft.
I see there was a recent thread about a similar hack at Arnold Clark.
Nobody on that seems bothered about increased risk if vehicle theft but, Arnold Clark, like any decent corporate looking to minimise reputational damage, has offered to pay for 2 years of premium Equifax credit monitoring for those affected.
Without wishing to sound like a stuck record from my previous post, that Ferrari haven't done this shows how out of touch their IT security policy is.
It is not the cost involved (negligible to most Ferrari owners) but the fact that organisation that has been hacked should be seen to be doing everything they can to minimise the fallout from this. Those emails from Ferrari have the tone of a massive corporate shrug.
PurpleTurtle said:
Nobody on that seems bothered about increased risk if vehicle theft but, Arnold Clark, like any decent corporate looking to minimise reputational damage, has offered to pay for 2 years of premium Equifax credit monitoring for those affected.
The Arnold Clark hack involved bank details, National Insurance numbers, DoB, vehicle info, identity docs, as well as routine name and address stuff.It's on a whole different level to this.
craig511 said:
Here's their reply.
We have no evidence that your data were compromised as a consequence of the cyber incident or made publicly available. Even so, as of today, we cannot exclude that your contact data has not been accessed by the threat actor.
In this respect and based on our current information, we would like to draw your attention to the fact that - should any of your personal contact data have been accessed by the threat actor - the data would be limited to: client name, address(es), email(s) and telephone number(s)
As such, please rest reassured that no financial information was stolen such as payment details, bank account numbers, or other sensitive payment information, nor details of vehicles owned or ordered.
Furthermore, no passwords have been leaked in this incident and there is no specific need to change them.
We apologize again and thank you for your understanding.
Yours sincerely,
Boris Johnson has apparently already found a new job.We have no evidence that your data were compromised as a consequence of the cyber incident or made publicly available. Even so, as of today, we cannot exclude that your contact data has not been accessed by the threat actor.
In this respect and based on our current information, we would like to draw your attention to the fact that - should any of your personal contact data have been accessed by the threat actor - the data would be limited to: client name, address(es), email(s) and telephone number(s)
As such, please rest reassured that no financial information was stolen such as payment details, bank account numbers, or other sensitive payment information, nor details of vehicles owned or ordered.
Furthermore, no passwords have been leaked in this incident and there is no specific need to change them.
We apologize again and thank you for your understanding.
Yours sincerely,
PurpleTurtle said:
markiii said:
PurpleTurtle said:
the likelihood of one of them turning up in the middle of the night to nick your Ferrari is tiny.
I'd suggest the likelyhood of it being sold to someone who will is extremely highMost will be garaged/secure parked as a matter of course anyway. The idea that there is a bunch of specialist thieves just waiting to find out Ferrari owners addresses so they can go and steal to order is just pie in the sky. If they really want it they'll just lob a GPS tracker on it and tail it to the owner's home, or (better) a place of insecure parking and nick it it from there.
If this were me, I wouldn't be think I was at increased risk of vehicle__ theft, but would be at increased risk of __identity theft.
I see there was a recent thread about a similar hack at Arnold Clark.
Nobody on that seems bothered about increased risk if vehicle theft but, Arnold Clark, like any decent corporate looking to minimise reputational damage, has offered to pay for 2 years of premium Equifax credit monitoring for those affected.
Without wishing to sound like a stuck record from my previous post, that Ferrari haven't done this shows how out of touch their IT security policy is.
It is not the cost involved (negligible to most Ferrari owners) but the fact that organisation that has been hacked should be seen to be doing everything they can to minimise the fallout from this. Those emails from Ferrari have the tone of a massive corporate shrug.
Gassing Station | Supercar General | Top of Page | What's New | My Stuff