Tesla has disclosed a data breach impacting roughly 75,000 people, but the incident is the result of a whistleblower leak rather than a malicious cyberattack.
Tesla told US authorities that a data breach discovered in May resulted in the exposure of the personal information, including social security numbers, of more than 75,700 individuals.
A notification letter sent to impacted people reveals that the data breach is related to a couple of former employees sending confidential information to German media outlet Handelsblatt. Tesla said the ex-workers “misappropriated the information in violation of Tesla’s IT security and data protection policies”.
The compromised information includes names, contact information, and employment-related records associated with current and former employees. Impacted individuals are being offered credit monitoring and identity protection services.
The leak came to light in May, when Handelsblatt reported that it had received 100 Gb of confidential Tesla data from a whistleblower. The newspaper said Tesla had failed to adequately protect employee, customer and partner data.
The leaked files, dubbed ‘Tesla Files’, reportedly included information on more than 100,000 current and former employees, customer bank details, production secrets, and customer complaints regarding driver assistance systems.
Handelsblatt has assured Tesla that it does not intend to publish the personal data provided by the whistleblower.
The chances of the exposed data being misused are slim given the circumstances of the incident, with Tesla likely initiating the data breach disclosure process due to legal requirements.
Tesla, whose lawyer described the leaker as a “disgruntled former employee” when the leak came to light, has filed lawsuits against the employees responsible for the data breach.
“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car maker explained in its recent breach notification.
Related: Tesla Sued Over Workers’ Alleged Access to Car Video Imagery
Related: Tesla Hacked Twice at Pwn2Own Exploit Contest
Related: Tesla Retail Tool Vulnerability Led to Account Takeover
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Microsoft Adding New Security Features to Windows 11
- Sony Investigating After Hackers Offer to Sell Stolen Data
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
- Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- Cisco to Acquire Splunk for $28 Billion
Latest News
- Microsoft Adding New Security Features to Windows 11
- UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
- Sony Investigating After Hackers Offer to Sell Stolen Data
- The CISO Carousel and its Effect on Enterprise Cybersecurity
- Xenomorph Android Banking Trojan Targeting Users in US, Canada
- $200 Million in Cryptocurrency Stolen in Mixin Network Hack
- Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
- Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
