THE Fédération Internationale de l’Automobile (FIA), the governing body for car racing events such as Formula 1 and the World Rally Championship, revealed that personal data was compromised due to a phishing attack on two FIA email accounts.
“Recent incidents pursuant to phishing attacks has led to the unauthorised access to personal data contained in two email accounts belonging to the FIA,” the organization said in a statement on Wednesday.
“The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents.”
The non-profit automobile racing organization stated that it notified the French data protection regulator (Commission Nationale de l’Informatique et des Libertés) and the Swiss data protection regulator (Préposé Fédéral à la Protection des Données et à la Transparence).
“The FIA regrets any concern caused to the affected individuals,” the organization said, adding that they have implemented additional security measures to mitigate against any future attacks.
“This incident underscores a fundamental truth in cybersecurity – no entity, regardless of its size or the nature of its domain, is impervious to cyber threats,” said Javvad Malik, lead security awareness advocate at KnowBe4.
“Phishing, a method seemingly as old as the internet itself, remains one of the most effective tools in a cybercriminal’s arsenal, exploiting humans rather than technological vulnerabilities.
“It is why in addition to technical controls, equal focus needs to be placed on the human aspect of cybersecurity and fostering a strong cybersecurity culture where the security of an organisation becomes a collective responsibility taken on by all.”
Erfan Shadabi, cybersecurity expert at Comforte AG, also commented: “No industry, business, or organization is immune to cyber threats, as underscored by the recent disclosure of a data breach by the Fédération Internationale de l’Automobile (FIA).
“In today’s digital age, virtually all entities collect and store data, making them potential targets for cyberattacks. To mitigate such risks, it is crucial to adopt a data-centric security approach.
“This means focusing on protecting the data itself, regardless of where it resides or how it is transmitted. Techniques such as encryption, tokenization, and robust access controls should be employed to ensure that sensitive information remains secure even if other defences are breached.”