FIA releases statement after hackers gain access to private Max Verstappen information

Hackers were able to gain access to Max Verstappen's private information, including the Dutchman's passport and personal details, through a weakness in the FIA's online portal. F1's governing body has since responded in a statement.

The hack occurred in June of this year, when Gal Nagli, Sam Curry, and Ian Carroll gained administrative access to the FIA's driver categorisation database. The trio then informed the organisation of their findings and worked with them to ensure a fix was implemented.

Sharing the details on his X account, Nagli explained: "We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other Formula 1 driver's sensitive data.

"It took us 10 minutes using one simple security flaw. We were looking at the security of the whole ecosystem. That's how we stumbled upon a severe vulnerability in a critical portal managed by the FIA that was reported and fixed in <24 hours."

He added: "Important clarification, we did NOT download or save any passports or sensitive personal information. We validated the vulnerability existed, took screenshots for proof, and immediately stopped testing. All test data was deleted. No driver information was compromised by us."

Nagli, Curry and Carroll were even able to access internal FIA communications, committee discussions relating to driver performance, and "confidential decision-making processes". He also confirmed that they worked with the governing body to fix the system weakness, and thanked the organisation for "taking the matter seriously".

For the latest breaking stories and headlines, sign up to our Daily Express F1 newsletter, or join our WhatsApp community here.

On Carroll's personal blog, it was explained that the group "We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, license, password hash, and PII. This data could be accessed for all F1 drivers with a categorization, alongside sensitive information of internal FIA operations. We did not access any passports / sensitive information and all data has been deleted."

Addressing the incident ahead of the Mexican Grand Prix, an FIA spokesperson stated: "The FIA became aware of a cyber incident involving the FIA Driver Categorisation website over the summer.

"Immediate steps were taken to secure drivers' data, and the FIA reported this issue to the applicable data protection authorities in accordance with the FIA's obligations. It has also notified the small number of drivers impacted by this issue. No other FIA digital platforms were impacted in this incident.

"The FIA has invested extensively in cyber security and resilience measures across its digital estate. It has put world-class data security measures in place to protect all its stakeholders and implements a policy of security-by-design in all new digital initiatives."