Tesla, the renowned American electric car manufacturer, has recently disclosed that a data leak earlier this year was orchestrated by two former employees. This leak compromised sensitive personal information belonging to over 75,000 individuals. Investigations confirmed that the breach was a result of the former employees misappropriating personal information in violation of Tesla’s IT security policies and sharing it with a German media organization named Handelsblatt.
The breach was initially brought to Tesla’s attention when Handelsblatt informed the company on May 10, 2023, that it had obtained confidential information from Tesla. However, Handelsblatt, being legally prohibited from improper utilization of the data and having no intentions of publication, promptly notified the company about the occurrence. In response, Tesla identified the two insiders responsible for leaking the data and filed a lawsuit against them. Electronic devices belonging to the former employees, which were believed to contain the stolen data, were subsequently seized as part of the legal proceedings.
The data leaked by the former employees included names, addresses, phone numbers, email addresses, and other personal information of past and current Tesla employees. Over 100GB of confidential data, including a document named “Tesla Files” containing tables with the names of over 100,000 workers, was exposed. Shockingly, the leaked data reportedly also included Elon Musk’s Social Security Number, although this claim has yet to be verified by the news organization that received the data.
Tesla’s Data Privacy Officer, Steven Elentukh, officially submitted a breach notification to the Attorney General of Maine, outlining the details of the incident. This underscores the seriousness of the breach and the company’s commitment to addressing the privacy and security concerns associated with it.
This data leak comes on the heels of previous privacy breaches involving Tesla. In the past, Tesla employees were found to have exchanged private videos and images recorded by customers’ car cameras. These visuals were shared using internal messaging systems, leading to serious concerns about privacy violations. Some of the shared content included an undressed man approaching a vehicle, a crash video involving a Tesla car hitting a child, and images of dogs and road signs that employees turned into memes.
While Tesla maintained that the recordings would remain anonymous and not linked to individual customers or their vehicles, there were still concerns about the potential for privacy breaches and surveillance. Former employees interviewed by Reuters revealed that they had access to the location data associated with the recordings, allowing them to potentially trace the whereabouts of customers, including their residences. Although Reuters did not access or verify the contents of the shared videos, the employees confirmed that the videos were not stored.
In addition to these privacy concerns, Tesla has recently faced legal challenges related to racial discrimination. Two ex-employees took the company to court in April 2023, and they reportedly won their case. This adds another layer of complexity to Tesla’s ongoing legal battles.
Overall, the data leak at Tesla has raised significant concerns about the company’s data security measures and its ability to protect the personal information of its employees. The breach serves as a reminder of the growing importance of strong cybersecurity practices and the need for companies to prioritize data privacy and protection.