FIA warns Formula 1 fans of data breach

The Fédération Internationale de l'Automobile (FIA), the organization that manages the Formula 1 races, says attackers were able to gain access to personal information of Formula 1 spectators in a recent phishing attack.

By sending misleading phishing messages, hackers gained unauthorized access to two email accounts belonging to the FIA.

“The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents,” the organizer says in a brief statement.

Both the Commission Nationale de l'Informatique et des Libertés, the French data protection authority (DPA) and the Préposé Fédéral à la Protection des Données et à la Transparence, the Swiss data protection regulator, were notified of the incident.

The FIA apologizes for any concern the data breach may cause for affected Formula 1 fans and says data protection and information security are of the highest priority. The FIA has put additional security measures in place to protect itself from future attacks. The organizer doesn’t go into detail what steps it took to prevent this from happening again.

Hackers promise access to ‘exclusive merchandise’

This isn’t the first time the FIA has to deal with hackers. In March 2024 the website of the Belgian Grand Prix Spa-Francorchamps was hacked. The attackers managed to steal an undisclosed number of email addresses of Formula 1 fans.

Unsuspecting spectators received several phishing mails, saying they had won access to ‘exclusive team merchandise, official clothing and digital F1 content’, as well as a 50 euro coupon.

Unfortunately, the email was fake and part of a spear phishing campaign. Vanessa Maes, general manager of the Spa-Francorchamps Grand Prix, warned people not to click on the malicious link in the email and to be “extremely careful” when it comes to providing personal details.