FIA confirms cyberattack exposing personal data of F1 drivers, including Verstappen

MEXICO CITY, Oct 24 — Formula One’s governing body, the International Motoring Federation (FIA), confirmed on Thursday that it had suffered a cybersecurity breach exposing personal data of several drivers, including four-time world champion Max Verstappen.

In a statement issued during the Mexico City Grand Prix, the FIA said the breach occurred “over the summer” and involved the FIA Driver Categorisation website, where hackers accessed sensitive information such as passport numbers and contact details of nearly 7,000 drivers.

“Immediate steps were taken to secure the data, and the FIA has reported the incident to relevant data protection authorities in line with its obligations,” the statement said.

“It has also informed the small number of affected drivers. No other FIA digital platforms were impacted.”

The FIA added that it continues to strengthen its cybersecurity systems and follows a “security-by-design” policy for all new digital platforms.

The breach was first revealed by cybersecurity researcher Ian Carroll on Wednesday. He said he and two colleagues were able to access the confidential data in June after their administrator request for the site was mistakenly approved.

They reportedly viewed Verstappen’s passport, CV, super licence, and other details before halting their testing.

“We stopped once we realised the extent of access — including sensitive personal information of F1 drivers and internal FIA operations,” Carroll told Crash.net, adding that all data was subsequently deleted.

The FIA took the affected website offline on June 3 and restored it a week later after “comprehensive” repairs.

Verstappen, currently competing for his fifth world title at this weekend’s Grand Prix, has not yet commented publicly on the breach but was expected to address reporters later on Thursday. — AFP