- – Tesla discloses data breach affecting 75,000 individuals.
- – Whistleblower leak exposes personal info to German media outlet.
- – Former employees violate data protection policies, sharing data.
- – Leaked ‘Tesla Files’ contain employee details and production secrets.
- – Legal actions initiated, highlighting data protection challenges.
Electric vehicle giant, Tesla has recently revealed a data breach that has affected approximately 75,000 individuals. Contrary to the typical cyberattack narrative, this breach stems from a whistleblower leak, revealing sensitive information to the German media outlet Handelsblatt.
Unveiling the Breach:
Tesla’s disclosure to the state of Maine’s attorney general office has shed light on a data breach that occurred in May 2023. The breach led to the exposure of personal information, including social security numbers, of over 75,700 individuals. The compromised data encompasses names, contact information, and employment records of both current and former employees.
Whistleblower Revelation:
The breach’s origins trace back to two former Tesla employees who allegedly shared confidential company information with Handelsblatt.
The automaker stated that these ex-workers had “misappropriated the information in violation of Tesla’s IT security and data protection policies.” This breach incident highlights the challenge companies face in maintaining data security even after employees leave their roles.
Compromised Information:
The data leaked to Handelsblatt, colloquially referred to as the ‘Tesla Files,’ contained an extensive array of information. The leaked data reportedly encompassed details about more than 100,000 current and former employees, including customer banking information, production trade secrets, and customer complaints related to driver assistance systems.
Legal Ramifications and Protective Measures:
Tesla swiftly responded to the breach by initiating legal action against the responsible employees. Court orders were secured to prevent further dissemination and use of the stolen data, under threat of criminal penalties.
The leaked data is not intended for publication by Handelsblatt, reducing the immediate risk of data misuse. However, Tesla is taking additional measures to safeguard affected individuals by offering credit monitoring and identity protection services. A template letter written by Tesla’s Data Privacy Officer, Steven Elentuk, revealed the following information:
A foreign media outlet (named Handelsblatt) informed Tesla on May 10, 2023 that it had obtained Tesla confidential information. The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet. The outlet has stated that it does not intend to publish the personal information, and in any event, is legally prohibited from using it inappropriately. Tesla immediately took steps to contain the incident, understand the scope, and protect your information. Among other things, we identified and filed lawsuits against the two former employees. These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties. Tesla cooperated with law enforcement and external forensics experts and will continue to take appropriate steps as necessary.
Future Implications:
Although not a malicious cyberattack, the breach has raised concerns about data protection and the security of confidential data within the company. The breach underscores the critical importance of data protection and cybersecurity within organizations.
Even without the traditional hallmarks of a cyberattack, the vulnerability posed by insider threats and data leaks remains significant. Companies, especially those dealing with sensitive and confidential information, must strengthen their data protection policies and employee exit protocols to mitigate the risk of such incidents.