In a shocking revelation, Tesla has confirmed that a recent data breach affecting over 75,000 company employees was the result of insider wrongdoing. The electric car giant, owned by tech entrepreneur Elon Musk, has disclosed that the breach was orchestrated by two former employees who leaked sensitive personal information to a foreign media outlet.
The incident, as reported in a data breach notice filed with Maine's attorney general, highlighted the magnitude of the breach and the concerning implications for both employees and the company's security protocols. Tesla's data privacy officer, Steven Elentukh, stated that an in-depth investigation into the breach uncovered that the two former employees had violated Tesla's IT security and data protection policies.
The compromised information includes an array of personally identifying data such as names, addresses, phone numbers, employment-related records, and Social Security numbers. This extensive leak involved a staggering 75,735 current and former employees of the electric car manufacturer.
According to Tesla's internal investigation, the former employees had unlawfully shared this sensitive information with the German newspaper Handelsblatt. Remarkably, the publication made assurances that it would not publish the leaked data and committed to refraining from any inappropriate use. Tesla emphasized that Handelsblatt is "legally prohibited" from misusing the leaked data in any manner.
The breach initially came to light in May when Handelsblatt reported a significant breach in Tesla's security, revealing a trove of internal documents that had been accessed. This cache of documents, aptly dubbed the "Tesla Files," contained an astounding 100 gigabytes of confidential data. Among the leaked information were personal details of employees, customer bank records, production secrets, and even customer complaints about Tesla's Full Self-Driving (FSD) features.
The severity of the breach was further underscored by the fact that even Elon Musk's Social Security number was included in the leaked data, a development that deeply impacted the company's image and security protocols.
In response to the breach, Tesla took swift legal action against the former employees who were identified as responsible for the data leak. The company filed lawsuits against them, leading to the seizure of the individuals' electronic devices. Furthermore, Tesla secured court orders that strictly prohibited these former employees from any further use, access, or dissemination of the stolen data, under the threat of criminal penalties.
This data breach incident is not the first instance where Tesla's security practices have come under scrutiny. In April, Reuters reported that Tesla workers had shared sensitive images recorded by customer cars. Allegedly, employees between 2019 and 2022 had shared "invasive" images and videos captured by the cars' cameras.
As the repercussions of this breach unfold, the episode serves as a stark reminder of the ever-growing challenges that companies, even those at the forefront of technology, face in safeguarding sensitive information and maintaining data integrity in an increasingly digital world. The incident underscores the importance of robust cybersecurity measures and heightened vigilance against insider threats that can pose significant risks to both employees and organizations alike.