Formula One governing body FIA reveals customer data breach

Fédération Internationale de l’Automobile said it experienced a data security incident that followed a phishing attack on its email accounts.

Fédération Internationale de l’Automobile (FIA) is the governing body for many auto racing events, including Formula One. Its most prominent role is in the licensing and sanctioning of Formula One, World Rally Championship, World Endurance Championship, TCR World Tour, World Rallycross Championship, Formula E, and various other forms of racing.

In a data security incident notice posted on its website, FIA said threat actors mounted a phishing attack to compromise two internal email accounts subsequently gained access to personal data contained in those email accounts.

“The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents,” reads the notice.

The governing body has notified Commission Nationale de l’Informatique et des Libertés (the French data protection regulator), and the Préposé Fédéral à la Protection des Données et à la Transparence (the Swiss data protection regulator) about the incident and is working with them to resolve the issue at the earliest. FIA said it also implemented additional security measures to avoid similar incidents in the future.

“The FIA regrets any concern caused to the affected individuals. We take our data protection and information security obligations very seriously and continuously review our systems to ensure they are robust, in the context of evolving cyber-criminality. The FIA has put additional security measures in place to protect against any future attacks,” FIA added.

The organisation is yet to share details on when it detected the incident, the number of affected people or the nature of the compromised data. No hacker group has claimed responsibility for the data security incident at the time of publishing.