CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Tesla Discloses Data Breach Related to Whistleblower Leak

Tesla has disclosed a data breach impacting 75,000 people, but it’s a result of a whistleblower leak, not a malicious cyberattack.

Tesla hack

Tesla has disclosed a data breach impacting roughly 75,000 people, but the incident is the result of a whistleblower leak rather than a malicious cyberattack.

Tesla told US authorities that a data breach discovered in May resulted in the exposure of the personal information, including social security numbers, of more than 75,700 individuals.

A notification letter sent to impacted people reveals that the data breach is related to a couple of former employees sending confidential information to German media outlet Handelsblatt. Tesla said the ex-workers “misappropriated the information in violation of Tesla’s IT security and data protection policies”. 

The compromised information includes names, contact information, and employment-related records associated with current and former employees. Impacted individuals are being offered credit monitoring and identity protection services. 

The leak came to light in May, when Handelsblatt reported that it had received 100 Gb of confidential Tesla data from a whistleblower. The newspaper said Tesla had failed to adequately protect employee, customer and partner data. 

The leaked files, dubbed ‘Tesla Files’, reportedly included information on more than 100,000 current and former employees, customer bank details, production secrets, and customer complaints regarding driver assistance systems.  

Handelsblatt has assured Tesla that it does not intend to publish the personal data provided by the whistleblower.

The chances of the exposed data being misused are slim given the circumstances of the incident, with Tesla likely initiating the data breach disclosure process due to legal requirements.

Advertisement. Scroll to continue reading.

Tesla, whose lawyer described the leaker as a “disgruntled former employee” when the leak came to light, has filed lawsuits against the employees responsible for the data breach. 

“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car maker explained in its recent breach notification. 

Related: Tesla Sued Over Workers’ Alleged Access to Car Video Imagery

Related: Tesla Hacked Twice at Pwn2Own Exploit Contest

Related: Tesla Retail Tool Vulnerability Led to Account Takeover

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.