FIA admits to data breach exposing Verstappen’s information

The FIA has confirmed a cybersecurity breach that allowed ethical hackers to access private data from its driver classification system, including passport details and personal information belonging to four-time world champion Max Verstappen.

Cybersecurity researcher Ian Carroll and his team disclosed the flaw in a recent blog post, revealing that a vulnerability in the FIA’s driver categorisation portal enabled them to escalate privileges and view confidential documents belonging to licensed competitors.

The compromised database - separate from Formula 1’s official Super Licence system - manages the Bronze, Silver, Gold, and Platinum rankings used across global motorsport.

According to Carroll, the researchers were able to gain administrator-level access and view files such as identification papers, resumes, and licence records for multiple F1 drivers.

"We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, licence, password hash, and PII," the group explained.

They said all retrieved data was deleted immediately, and the vulnerability was reported responsibly to the FIA in early June. The FIA later confirmed the breach to several media outlets, including Germany’s DPA agency, stating that the incident occurred “this summer.”

"The FIA became aware of a cyber incident related to the driver classification website," a spokesperson said. "Immediate measures were taken to secure the drivers' data."

The governing body said the site was swiftly taken offline, with FIA technicians collaborating directly with the ethical hackers to patch the flaw and strengthen protections.

"The FIA reported the issue to the relevant data protection authorities," a statement to La Gazzetta dello Sport added, "and informed the affected drivers. "No other FIA digital platforms were affected by this incident."

The hackers, who described themselves as Formula 1 fans, stressed that their intentions were purely ethical and aimed at highlighting security weaknesses rather than exploiting them. The FIA confirmed that working with the researchers ultimately helped improve the security architecture of the platform before it was restored.