Tesla, the well-known electric car manufacturer, has recently admitted that a recent data breach, involving the personal information of over 75,000 individuals, was a result of internal misconduct. This acknowledgment was made in a filing with Maine’s attorney general.
The incident came to light on May 10, when a German media outlet called Handelsbatt informed Tesla that it had received a massive amount of data, approximately 100GB, from an informant within the company. The data provided by the whistleblower included 23,000 internal files spanning from 2015 to 2022. These files allegedly contained information regarding 3,900 reports of self-acceleration and brake-function issues experienced by Tesla vehicles. Additionally, the files contained crash reports and numerous complaints from drivers expressing safety concerns about Tesla’s driver assistance system.
Subsequent investigations conducted by Tesla revealed that two former employees had misappropriated and leaked the information in violation of the company’s IT security and data protection policies. These employees shared the data with Handelsbatt, the media outlet that received the information initially. However, Handelsbatt has reassured Tesla that it has no intention of publishing the compromised information and would not be legally allowed to do so.
In response to the breach, Tesla’s chief privacy officer contacted all the affected individuals in order to provide them with detailed information about the incident. This included an explanation of what happened, what data was involved, the measures being taken by Tesla to address the issue, and what affected individuals can do moving forward.
Tesla has also taken legal action against the former employees responsible for the breach, obtaining court orders that prohibit them from further accessing or using the leaked data. In addition, their electronic devices, which allegedly contained the leaked Tesla information along with personal information of current and former employees, have been confiscated as part of ongoing lawsuits.
The data breach has raised concerns about Tesla’s security protocols and controls. Lior Yaari, CEO and co-founder of Grip Security, pointed out that such breaches are not uncommon and are often a result of former employees having continued access to company systems even after leaving. Without more information, it is difficult to determine whether this incident was a result of inadequate security controls or the malicious intent of two disgruntled employees.
Tesla has taken steps to mitigate the impact of the breach on affected individuals. The company is offering complimentary credit monitoring services through Experian’s IdentityWorks to help them monitor and protect their personal information.
In conclusion, the data breach experienced by Tesla, which affected over 75,000 individuals, has been attributed to insider wrongdoing by two former employees. The breach involved the leak of significant amounts of sensitive internal data, including reports of safety issues with Tesla vehicles and complaints regarding the driver assistance system. Tesla is addressing the issue by taking legal action against the responsible individuals and providing support to the affected individuals through credit monitoring services. This incident highlights the importance of robust security controls and the need for companies to carefully manage access to their systems even after employees have left the organization.