Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Tesla Discloses Data Breach Related to Whistleblower Leak

Tesla has disclosed a data breach impacting 75,000 people, but it’s a result of a whistleblower leak, not a malicious cyberattack.

Pwn2Own Automotive car hacking

Tesla has disclosed a data breach impacting roughly 75,000 people, but the incident is the result of a whistleblower leak rather than a malicious cyberattack.

Tesla told US authorities that a data breach discovered in May resulted in the exposure of the personal information, including social security numbers, of more than 75,700 individuals.

A notification letter sent to impacted people reveals that the data breach is related to a couple of former employees sending confidential information to German media outlet Handelsblatt. Tesla said the ex-workers “misappropriated the information in violation of Tesla’s IT security and data protection policies”. 

The compromised information includes names, contact information, and employment-related records associated with current and former employees. Impacted individuals are being offered credit monitoring and identity protection services. 

The leak came to light in May, when Handelsblatt reported that it had received 100 Gb of confidential Tesla data from a whistleblower. The newspaper said Tesla had failed to adequately protect employee, customer and partner data. 

The leaked files, dubbed ‘Tesla Files’, reportedly included information on more than 100,000 current and former employees, customer bank details, production secrets, and customer complaints regarding driver assistance systems.  

Handelsblatt has assured Tesla that it does not intend to publish the personal data provided by the whistleblower.

Advertisement. Scroll to continue reading.

The chances of the exposed data being misused are slim given the circumstances of the incident, with Tesla likely initiating the data breach disclosure process due to legal requirements.

Tesla, whose lawyer described the leaker as a “disgruntled former employee” when the leak came to light, has filed lawsuits against the employees responsible for the data breach. 

“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car maker explained in its recent breach notification. 

Related: Tesla Sued Over Workers’ Alleged Access to Car Video Imagery

Related: Tesla Hacked Twice at Pwn2Own Exploit Contest

Related: Tesla Retail Tool Vulnerability Led to Account Takeover

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Cybercrime

Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.