Image via Oracle Red Bull Racing
The Fédération Internationale de l’Automobile (FIA) has confirmed a cybersecurity breach that exposed the personal information of Formula 1 world champion Max Verstappen, including his passport, contact details, and official license documents.
COTA Turn One Chaos: McLaren’s Double DNF Becomes Instant Meme Gold
According to reports from ESPN and cybersecurity bloggers involved, the breach occurred through the FIA Driver Categorisation website, a portal used by competitors in global motorsport to register for racing licenses. The hackers — who describe themselves as ethical bug bounty hunters — said they were able to gain admin-level access within ten minutes simply by applying for it through the site’s online form.
Once inside, the group discovered highly sensitive data, including Verstappen’s personal correspondence with the FIA, license files, and even internal discussions about driver performance. The same database reportedly contained information on other F1 drivers with endurance or sports car backgrounds, including Lando Norris, Fernando Alonso, and Nico Hülkenberg.
Apple TV Secures Exclusive U.S. Broadcast Rights for Formula 1 Beginning in 2026
Security researcher Ian Carroll, who helped uncover the flaw, wrote on his blog that he and collaborator Gal Nagli stopped their investigation immediately after realizing the extent of the exposure.
“We stopped testing after seeing that it was possible to access Max Verstappen’s passport, license, password hash, and other personal data,” Carroll said. “We deleted all files and reported the issue to the FIA right away.”
The FIA later confirmed the details of the breach, emphasizing that it acted swiftly to contain the incident.
“The FIA became aware of a cyber incident involving the FIA Driver Categorisation website over the summer,” an FIA spokesperson said. “Immediate steps were taken to secure drivers’ data, and the FIA reported the issue to the applicable data protection authorities.”
The organization noted that only a small number of drivers were affected, and no other FIA digital systems were compromised. The vulnerability has since been patched.
This breach highlights ongoing concerns over cybersecurity in motorsport, where vast amounts of personal and technical data are stored digitally. While the hackers insist no information was misused, the incident serves as a wake-up call — even the world’s most tightly regulated racing body isn’t immune from cyber threats.
About the Author
