Tesla has disclosed a data breach impacting roughly 75,000 people, but the incident is the result of a whistleblower leak rather than a malicious cyberattack.
Tesla told US authorities that a data breach discovered in May resulted in the exposure of the personal information, including social security numbers, of more than 75,700 individuals.
A notification letter sent to impacted people reveals that the data breach is related to a couple of former employees sending confidential information to German media outlet Handelsblatt. Tesla said the ex-workers “misappropriated the information in violation of Tesla’s IT security and data protection policies”.
The compromised information includes names, contact information, and employment-related records associated with current and former employees. Impacted individuals are being offered credit monitoring and identity protection services.
The leak came to light in May, when Handelsblatt reported that it had received 100 Gb of confidential Tesla data from a whistleblower. The newspaper said Tesla had failed to adequately protect employee, customer and partner data.
The leaked files, dubbed ‘Tesla Files’, reportedly included information on more than 100,000 current and former employees, customer bank details, production secrets, and customer complaints regarding driver assistance systems.
Handelsblatt has assured Tesla that it does not intend to publish the personal data provided by the whistleblower.
The chances of the exposed data being misused are slim given the circumstances of the incident, with Tesla likely initiating the data breach disclosure process due to legal requirements.
Tesla, whose lawyer described the leaker as a “disgruntled former employee” when the leak came to light, has filed lawsuits against the employees responsible for the data breach.
“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car maker explained in its recent breach notification.
Related: Tesla Sued Over Workers’ Alleged Access to Car Video Imagery
Related: Tesla Hacked Twice at Pwn2Own Exploit Contest
Related: Tesla Retail Tool Vulnerability Led to Account Takeover
