FIA Cyber Hack Exposes F1 Driver Data, Including Max Verstappen's Details

A recent cyber attack on the FIA's system, which manages F1 driver classifications and super licenses, exposed sensitive information belonging to several drivers, including reigning world champion Max Verstappen. The incident, which occurred in June but was only publicly disclosed this week, was quickly resolved with the help of the ethical hackers who identified the vulnerability.

Why it matters:

• The security breach highlights the ongoing challenges sports organizations face in protecting sensitive personal data in an increasingly digital world. For Formula 1, a global sport with high-profile athletes, such incidents can raise concerns about privacy and data integrity.
• While no data was downloaded or saved by the hackers, the potential for malicious actors to exploit similar vulnerabilities remains a significant risk.

The Details:

• Incident Origin: Three ethical hackers—Gal Nagli, Sam Curry, and Ian Carroll—gained access to the FIA's system by exploiting a vulnerability within the website's framework.
• Access Level: The hackers created a profile and managed to elevate their access rights to administrator status, allowing them to view the internal dashboard.
• Data Accessed: According to Nagli's X account, they could see driver information but explicitly stated they did not download or save any passports or sensitive personal information. They merely validated the vulnerability, took screenshots as proof, and ceased testing immediately.
• Resolution: The hackers collaborated with the FIA, which promptly took steps to secure the portal. The FIA also reported the incident to data protection authorities and notified the small number of drivers impacted.
• FIA's Response: The FIA confirmed that immediate measures were taken to secure drivers' data and that no other FIA digital platforms were affected. They emphasized their extensive investment in cybersecurity and resilience measures across their digital estate.
• Past Incidents: This is not the FIA's first cybersecurity issue; a separate hack last year impacted email accounts, though specific details were not disclosed.

Looking Ahead:

• This incident serves as a stark reminder for all major sports organizations to continuously review and enhance their cybersecurity protocols. The FIA's quick response and collaboration with the ethical hackers were positive, but the occurrence itself underscores the constant threat.
• Moving forward, the FIA will likely continue to invest heavily in security-by-design principles for all new digital initiatives to safeguard stakeholder data and maintain trust within the F1 community.