The FIA has confirmed that a cyber incident occurred last summer in which confidential data of drivers, including Max Verstappen, were temporarily accessible due to a security breach. In the run-up to the Mexico City GP, a group of hackers announced that they had obtained Verstappen’s personal data through the official FIA website using a relatively simple trick. According to the organization, the leak has now been fixed.
Security researcher Ian Carroll discovered that he could access licenses and personal documents of all drivers affiliated with the FIA through the driver’s portal. This involved sensitive information, such as his contact details, his super license, and copies of his passport and curriculum vitae.
Carroll later stated that his team had immediately reported the findings to the FIA: “We stopped testing when we saw that it was possible to access this information. We had access to the data of all Formula 1 drivers, in addition to sensitive information about internal FIA activities. We did not open any passports and all data has been carefully removed.”
‘Leak has been fixed’
A spokesperson for the FIA confirmed to Crash.net that immediate action was taken to seal the leak and inform the drivers involved – including Verstappen. “The FIA was informed last summer of a cyber incident related to the website and the driver’s portal. Immediate measures were taken to secure the drivers’ data. In addition, the FIA reported this issue to the competent authorities.”
The federation emphasized that it was a minor incident and that no other digital platform was affected. “The FIA has also informed the small number of drivers affected by this issue,” said the spokesperson. “In addition, the FIA has made significant investments in the cybersecurity of its digital domains. It implements high-quality measures to protect all parties involved and adheres to a ‘security by design’ policy in all new digital environments.”
