Max Verstappen of the Netherlands and Oracle Red Bull Racing arrives in the Paddock during previews ahead of the F1 Grand Prix of Mexico at Autodromo Hermanos Rodriguez on October 23, 2025 in Mexico City, Mexico. (Photo by Hector Vivas/Getty Images) // Getty Images / Red Bull Content Pool //
FIA News Hot News

FIA News: FIA confirms F1 driver data hacking breach

Andrew Maitland

(GMM) The FIA has confirmed it suffered a cybersecurity breach earlier this year after ethical hackers revealed they were able to access private data, including the passport and personal information of quadruple world champion Max Verstappen (pictured).

Cybersecurity researcher Ian Carroll and his colleagues detailed the discovery in a blog post, explaining how a vulnerability in the FIA’s driver categorization portal allowed them to escalate their access privileges and view confidential files belonging to professional drivers.

The exposed system – separate from the official Super License database, is used by the FIA to manage the Bronze, Silver, Gold and Platinum driver classifications for competitors across global motorsport.

The hackers said they were able to quite easily grant themselves administrator-level access and view documents including identity papers, resumes, and license records for F1 drivers.

Carroll said the group halted its test as soon as it became clear they could view Verstappen’s details.

“We stopped testing after seeing that it was possible to access Max Verstappen’s passport, resume, license, password hash, and PII,” the researchers wrote, adding that they deleted all retrieved data and reported the issue responsibly to the FIA in early June.

The FIA has since confirmed the incident to multiple media outlets, including the German news agency DPA, saying the breach occurred “this summer.”

“The FIA became aware of a cyber incident related to the driver classification website,” a spokesperson said. “Immediate measures were taken to secure the drivers’ data.”

According to the governing body, the site was promptly taken offline, and the federation worked directly with the hackers to patch the flaw and prevent future incidents.

“The FIA reported the issue to the relevant data protection authorities,” added a statement to La Gazzetta dello Sport, “and informed the affected drivers.

“No other FIA digital platforms were affected by this incident.”

The hackers – all self-described Formula 1 fans – insisted they had no malicious intent and simply wanted to draw attention to the vulnerabilities.

The FIA confirmed that collaboration with the group helped reinforce the platform’s cybersecurity framework before it was restored.