What are the potential risks arising from the incident?

The potential risks for individuals whose personal data was involved include: Phishing and targeted cyber attacks, using obtained contact information. Possible unauthorized exposure of personal data. Loss of control over personal data, which may result in receiving unwanted marketing communications.

What can I do to protect myself?

We recommend adopting the following security measures: Be cautious of phishing attempts, such as suspicious emails or messages requesting personal information. Avoid sharing sensitive data online and always verify the authenticity of received communications.

What measures has Maserati taken to manage the incident?

We immediately deactivated the compromised account and are working with our cybersecurity experts to implement additional security measures to prevent future breaches. As required by Regulation (EU) 2016/679 (GDPR), we have notified the incident to the Data Protection Authority.

Data Incident Communication

On February 15, 2025, an unauthorized individual used the credentials of an employee from our call center service provider to access our customer data management system (“CRM”) and download a significant amount of personal data related to Maserati customers and potential customers. The unauthorized access occurred from an IP address located in India. We discovered the incident on February 19, 2025, and immediately initiated appropriate investigations and containment measures and informed the competent Authority.

The incident involved a series of personal data stored in Maserati's CRM system. The categories of data that could be present in the system and therefore potentially affected include: Identifying and contact data (e.g., name, surname, email address, phone number) Additional personal data (gender, nationality, language) Vehicle data (vehicle identification number (VIN), license plate number) Contact data of dealers and their employees (name, surname, and email addresses) Bank account or credit card details (e.g., card numbers, CVV, IBAN, or other sensitive banking information) were not affected. It is important to note that not all this data was present for every individual concerned: their possible compromise depends on the specific presence of such information in the database at the time of the breach.

The potential risks for individuals whose personal data was involved include:

Phishing and targeted cyber attacks, using obtained contact information.
Possible unauthorized exposure of personal data.
Loss of control over personal data, which may result in receiving unwanted marketing communications.

Maserati is committed to ensuring maximum transparency in managing the incident.

For this reason, Maserati has made a channel available for individuals to request information regarding the involvement of their personal data in the incident.

How to submit an information request:

Individuals can send their requests via email to the following addresses:

For the United States and Canada: mymaserati@maserati.com
For Korea: infokorea@maserati.com
For Japan: info.japan@maserati.com
For China: info@maserati.com
For other countries: info@maserati.com

To ensure a prompt and accurate response, requests must:

Have “Information Request FAQ” as the subject of the email.
Include the necessary information for Maserati to verify the identity of the requester (e.g., name, surname, email used for interaction with Maserati).
Maserati is committed to providing a response as quickly as possible.

What exactly happened?

What personal data was affected?

What are the potential risks arising from the incident?

What can I do to protect myself?

What measures has Maserati taken to manage the incident?

How can I get more information about the incident?