FIA respond to hack of website containing Verstappen's private data
The FIA have issued a statement in response to the cyber incident which exposed Max Verstappen's confidential data.
Flaws in an FIA website that contains the personal data of drivers including F1 world champion Max Verstappen were exposed by hackers.
F1’s governing body the FIA confirmed a security breach occurred over the summer relating to sensitive personal information of drivers including Verstappen, but said steps had been taken to secure the data.
The FIA also reported the issue to the relevant data protection authorities.
The cyber hack was reported by security researcher Ian Carroll on Wednesday. Carroll explained that he, along with two colleagues, were able to access confidential information within the FIA’s driver categorisation portal, including passport numbers and personal contact details.
The trio said they could see the personal data of every driver contained within the system after having a request to become an admin for the portal accepted. This enabled them to access Verstappen’s CV, superlicence, passport and other key personal data.
They stated they did not retain any information and immediately reported their findings to the FIA.
“We stopped testing after seeing that it was possible to access Max Verstappen’s passport, résumé, license, password hash and PII [personally identifiable information],” Carroll wrote.
“This data could be accessed for all F1 drivers with a categorisation, alongside sensitive information of internal FIA operations. We did not access any passports [or] sensitive information and all data has been deleted.”
FIA respond with statement
The FIA responded to the cyber incident in a statement issued to Crash.net.
“The FIA became aware of a cyber incident involving the FIA Driver Categorisation website over the summer,” an FIA spokesperson said.
“Immediate steps were taken to secure drivers’ data, and the FIA reported this issue to the applicable data protection authorities in accordance with the FIA’s obligations.
“It has also notified the small number of drivers impacted by this issue. No other FIA digital platforms were impacted in this incident.
“The FIA has invested extensively in cyber security and resilience measures across its digital estate. It has put world class data security measures in place to protect all its stakeholders and implements a policy of security-by-design in all new digital initiatives.”
In this article
Lewis regularly attends Grands Prix for Crash.net around the world. Often reporting on the action from the ground, Lewis tells the stories of the people who matter in the sport.
