em360tech image

Fédération Internationale de l'Automobile (FIA), the governing body for Formula 1, has warned that hackers have gained access to sensitive data following a cyber attack. 

The incident, first disclosed in a statement on Wednesday, saw hackers successfully compromise several FIA employee's email accounts through phishing emails. This allowed them to gain unauthorised access to personal data shared within employee emails. 

"Recent incidents pursuant to phishing attacks have led to the unauthorised access to personal data contained in two email accounts belonging to the FIA," the organization said in a statement. 

"The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents."

FIA says it notified the Swiss data protection regulator Préposé Fédéral à la Protection des Données et à la Transparence and the the French data protection regulator Commission Nationale de l'Informatique et des Liberté of the incident.

The Formula 1 governing body has also taken additional security measures to block similar attacks in the future and said it "regrets any concern caused to the affected individuals."

"We take our data protection and information security obligations very seriously and continuously review our systems to ensure they are robust, in the context of evolving cyber-criminality," it added.

Formula 1 in the hot seat

FIA has yet to disclose when the breach was detected, how many individuals' personal information was accessed, or what sensitive data was exposed or stolen in the incident.

Cybersecurity experts warn that Formula 1 fans and all businesses related to racing should be cautious of various incoming emails, text messages, and fraudulent ticket resellers due to the nature of the attack. 

"This incident underscores a fundamental truth in cybersecurity that no entity, regardless of its size or the nature of its domain, is impervious to cyber threats,” said Javvad Malik, lead security awareness advocate at KnowBe4.

“Phishing, a method seemingly as old as the internet itself, remains one of the most effective tools in a cybercriminal's arsenal, exploiting humans rather than technological vulnerabilities.”

The cyber attack on FIA arrives in the week leading up to the Formula 1 Grand Prix at Silverstone, which takes place this weekend. The Formula 1 British Grand Prix is one of the world's most popular sporting events, attracting thousands of fans from all over.

fia cyber attack

Statement by FIA on cyber attack.

Unfortunately, as Greg Day, VP and global field CISO at Cybereason, notes, this also makes it a target for cyber attacks.

“It's human nature to think, ‘it won't happen to me’. However, this breach highlights that adversaries can be both opportunistic and strategic, and every organisation must be prepared,” said Mr Day. 

“Most businesses are required by regulations to notify stakeholders with clear insights on the incident and response strategy.

“As IT and cyber threats become more complex, businesses need to decide if they have the skills and capabilities to handle this internally or outsource. They must also regularly test these capabilities to build the necessary muscle memory and experience, added mr Day.