AutoBeta(AutoBeta.net)03/21 Report--

Another car company has been hacked, this time by Italian luxury sports car maker Ferrari. On March 20, Ferrari said in an email to customers that its wholly-owned Italian subsidiary Ferrari S.p.A. Recently, it was attacked by hackers from unknown sources, and the hackers asked the company for ransom related to the contact information of some customers.

Ferrari said that due to the blackmail software attack, customer information, including customer name, address, phone number and other related information was disclosed, but the payment information, bank account number and details of Ferrari cars owned or ordered were not stolen, so it did not affect the operation of the company. Officials said the attack was reported to authorities immediately after the discovery of vulnerabilities in the system, and was working with a cyber security company to investigate the scope of the impact. In the face of the hacker attack, Ferrari said in an email: the company will not pay the ransom. On the contrary, the company believes that the best course of action is to notify the customer, so it has informed the customer of the situation of the potential data breach and the nature of the incident.

So far, Ferrari has not disclosed how many customers have been affected. It is important to note that it is not uncommon for the auto industry to be attacked by hackers and extorted. At the end of last year, it was also exposed that user data had been stolen from the new power brand of domestic car building, Lulai Automobile. NIO received an external email on December 11 claiming to have internal data and extorted $2.25 million in bitcoin for leaked data, according to an emergency statement at the time. After receiving the blackmail, the company set up a special team on the same day to investigate and respond, and immediately reported the incident to the relevant regulatory authorities. After a preliminary investigation, the stolen data are the basic information of some users and vehicle sales information before August 2021.

In response to the leakage of user data, the customer service staff of Lai Automobile said that they would not take the initiative to compensate, but "be responsible for the losses caused to users as a result of this incident." Then the company issued an apology, and Li Bin, founder of the company, also said bluntly at the media communication meeting that he would not compromise with criminals or set a precedent for compensation, and would not compromise even if the company went bankrupt.

Similarly, international car companies, including Volkswagen, Volvo and Toyota, have all experienced similar cases. In June 2021, Volkswagen said data on nearly 3.3 million customers or potential buyers had been compromised; research and development data on Volvo's operations had also been hacked in the same year; and in October 2022, Toyota announced that the personal information of about 296000 customers using its T-connect service may have been compromised.

According to statistics, from December 2020 to now, a total of 980 data leaks with car companies have been released on the dark network platform, involving brands including Volkswagen, BMW, Mercedes-Benz, Audi, Changan, NIO, as well as Continental Group, Nvidia and other suppliers. According to statistics, an average of seven data leaks with car companies have been released on five dark web platforms every month since December 2020, of which more than 98% of the leaked data are mixed car owners' data from multiple car companies. the leakage channels may be DMV, dealers, third-party platforms, and so on.

In fact, Chinese and foreign car companies are subject to hacker attacks and extortion from time to time. In the face of hacker extortion, car companies sometimes choose to pay ransom in order to "calm things down." however, Wang Yaozeng, assistant secretary general and head of the Technology Department of the China Association of Automobile Manufacturers, pointed out that in the face of information theft, information extortion and open network crimes, it is necessary for more car companies to come forward, join relevant institutions and the automobile industry, severely crack down on the network underground industry, and promote the upgrading of vehicle information security technology. Better protect the information security of users.

Compared with traditional fuel vehicles, intelligent electric vehicles carry a large number of sensors, cameras and powerful processors, which are essentially equivalent to mobile computers or robots, which not only brings more convenience to users, but also gives lawbreakers opportunities to take advantage of. Car intelligence and the growing scale of car data also means that more personal and environmental data are uploaded and stored. These data are of great value to automakers, mobile operators, insurance companies and other service providers. Once such information is stolen and sold by lawbreakers, the harm can also be imagined.

At present, the automobile industry is entering a new era of intelligent network connection, and after more cars are endowed with intelligent and interconnected characteristics, more and more automobile network security incidents have also triggered thinking in the industry. Industry insiders say that if you let go of the data security of smart cars, it will bring major hidden dangers to personal privacy protection and even social security, so smart cars need to keep the bottom line of data security. This also means that "how to maintain the safety of car companies and car owners" will become an indispensable "compulsory" course in the popularization of automobile intelligence.

Of course, the issue of automobile intelligent safety is worth thinking about, but there is no need to worry too much. After all, there is also a gradually perfect safety prevention system and relevant laws and regulations to deal with. Last year, China also issued laws and regulations such as "opinions on strengthening Intelligent Network connection Automobile production Enterprises and Product access Management", "several provisions on Automobile data Safety Management (for trial implementation)," and "guidelines for the Construction of vehicle Network Security and data Security Standard system." it defines the responsibilities and obligations of automobile enterprises in data collection, custody and use.

Welcome to subscribe to the WeChat public account "Automotive Industry Focus" to get the first-hand insider information on the automotive industry and talk about things in the automotive circle. Welcome to break the news! WeChat ID autoWechat