Phishing attack compromises Formula 1 governing body email accounts

The Fédération Internationale de l’Automobile (FIA), the governing body of auto racing since the 1950s, revealed that attackers managed to access personal data by compromising several FIA email accounts through a phishing attack. Established in 1904 as the Association Internationale des Automobile Clubs Reconnus (AIACR), the FIA is a non-profit international association that oversees various auto racing championships, including Formula 1 and the World Rally Championship (WRC). With 242 member organisations spanning 147 countries across five continents, the FIA also governs the FIA Foundation, which supports and finances road safety research.

In response to the breach, the organisation swiftly took corrective actions, including promptly blocking the unauthorised accesses upon discovery of the incidents. The FIA informed the Swiss data protection regulator (Préposé Fédéral à la Protection des Données et à la Transparence) and the French data protection regulator (Commission Nationale de l’Informatique et des Libertés) about the security breach.

To prevent similar incidents in the future, the FIA implemented enhanced security measures and expressed regret for any concerns raised among the affected individuals. Emphasising its commitment to data protection and information security, the FIA continuously evaluates and strengthens its systems to combat evolving cyber threats. However, details such as the breach detection timeline, the extent of personal information accessed, and the nature of the exposed or stolen sensitive data remain undisclosed by the organisation.