FIA has confirmed a breach involving the hacking of data related to F1 drivers.
"The FIA became aware of a cyber incident"
The FIA has acknowledged that it experienced a cybersecurity breach earlier this year after ethical hackers disclosed their ability to access private information, including the passport and personal details of quadruple world champion Max Verstappen. Cybersecurity researcher Ian Carroll and his team described their findings in a blog entry, explaining that a weakness in the FIA’s driver categorization portal enabled them to elevate their access rights and view sensitive documents belonging to professional drivers.
The compromised system, which is distinct from the official Super Licence database, is utilized by the FIA to oversee the Bronze, Silver, Gold, and Platinum classifications for competitors in global motorsport. The hackers mentioned that they could easily grant themselves administrator-level access and access documents such as identity papers, resumes, and license records for Formula 1 drivers. Carroll noted that the group ceased their testing upon realizing they could access Verstappen’s information.
"We stopped testing after it became clear we could access Max Verstappen’s passport, resume, license, password hash, and personally identifiable information," the researchers wrote, adding that they removed all retrieved data and responsibly informed the FIA about the issue in early June. The FIA has since acknowledged the incident to various media outlets, including the German news agency DPA, stating that the breach took place "this summer."
"A spokesperson mentioned, 'The FIA became aware of a cyber incident concerning the driver classification website.' Immediate actions were implemented to safeguard the drivers’ data." As per the governing body, the site was swiftly taken offline, and the federation collaborated directly with the hackers to rectify the vulnerability and avert future occurrences. "The FIA reported the matter to the appropriate data protection authorities," a statement to La Gazzetta dello Sport added, "and notified the affected drivers. No other FIA digital platforms were compromised in this incident."
The hackers, who all identified as Formula 1 fans, asserted that they had no malicious intentions and merely aimed to highlight the vulnerabilities. The FIA confirmed that working with the group strengthened the platform’s cybersecurity framework before it was reinstated.
Other articles
Aston Martin acknowledges a slight violation of the budget cap.
Formula 1 | New rumors regarding budget-cap violations in Formula 1 have emerged in Mexico, with Aston Martin acknowledging a small procedural error, while (…)
Leclerc supports Ferrari staff in light of viral memes.
Formula 1 | Charles Leclerc maintains that Ferrari has the appropriate individuals in position, even though another unsatisfactory season has transformed the Maranello team into a (...)
Colapinto avoids answering contract inquiries amid Alpine tensions.
Formula 1 | Franco Colapinto has dismissed rumors regarding his future, but his vague responses in Mexico did little to quell discussions suggesting that he is already (…)
Hadjar dismisses the possibility of an early switch to Red Bull.
Formula 1 | Although Isack Hadjar has experienced a decline in performance since the summer, he is still optimistic about his chances of moving up to Red Bull Racing in 2026 - even amid rising tensions (…)
Verstappen and Norris dismiss the 'tape-gate' controversy.
Formula 1 | The 'tape-gate' controversy that started on the grid in Austin has continued in Mexico City, but Max Verstappen is keeping a safe distance from the distractions - and from (…)
FIA has confirmed a breach involving the hacking of data related to F1 drivers.
Formula 1 | The FIA has acknowledged that it experienced a cybersecurity breach earlier this year after ethical hackers disclosed that they managed to access private information - (…)