The FIA was hacked last June, as announced on Thursday. However, a vigilant ethical hacker managed to prevent a major data breach. The hacker discovered a security issue on an FIA website and immediately alerted the international motorsport federation. Nevertheless, the incident raises questions about the federation’s digital security — especially since sensitive data, including that of Max Verstappen, was found to be accessible.
Cybersecurity researcher Ian Carroll discovered that the FIA Driver Categorisation website had serious security issues. The so-called white hat hacker managed to gain ‘admin’ access to the system, thereby gaining access to sensitive information of all categorised drivers. “It appeared that we had full administrative rights on the FIA driver categorisation website,” Carroll explains on his own website.
Shocking Discovery During Investigation
During the investigation, he made a shocking discovery. “We stopped testing after we saw that it was possible to access Max Verstappen‘s passport, CV, license, passwords, and PII (Personally Identifiable Information),” he writes. “This data could be accessed for all F1 drivers with a categorization, along with sensitive information about internal FIA operations. We did not open any passports or sensitive information and all data has been deleted.” The hacker emphasizes that he acted solely out of ethical motives and informed the FIA directly as soon as he discovered the leak.
FIA Tightens Security
In a statement, the international motorsport federation confirms the incident: “The FIA was informed last summer of a cyber incident related to the FIA Driver Categorisation website.” According to the federation, a limited number of individuals were affected. “A small number of drivers have been affected by this issue and have been informed. No other digital platforms of the FIA have been affected by this incident.”
The FIA states that it has taken additional measures following the incident. “We have made significant investments in cybersecurity and resilience measures within our digital environment,” the federation says. “World-class security measures have been implemented to protect all those involved. In addition, the FIA applies a ‘security-by-design’ policy to all new digital initiatives.” The FIA has now closed the incident, but it remains a wake-up call for the motorsport federation.
