by 
In a recent revelation, Tesla confirmed that a data breach in May, impacting over 75,000 individuals, was orchestrated internally. The electric vehicle giant made this announcement in a notice dispatched to its customers on Friday. The breach was initially brought to Tesla’s attention by the German news outlet, Handelsblatt, on May 10, after they came into possession of the confidential data.
Upon investigation, it was discovered that the breach was the result of actions by two former Tesla employees. They had violated the company’s IT security and data protection policies by misappropriating the information and sharing it with the media, as stated by Steven Elentukh, Tesla’s data privacy officer, in the notice. In response to the breach, Tesla has taken legal measures, filing two lawsuits to prevent the dissemination of the leaked information. This move led Handelsblatt to confirm that it would refrain from publishing the data, as it is now legally bound not to misuse it.
As part of their containment strategy, Tesla has seized electronic devices belonging to the former employees, suspected to have been used in the breach and potentially still containing the leaked data. The company has also secured court orders barring these individuals from further use, access, or distribution of the data, with the threat of criminal penalties. Tesla has been working with law enforcement and external forensics experts and vows to continue taking necessary steps. The leaked data reportedly includes current and former employees’ Social Security numbers, names, addresses, phone numbers, and email addresses. Handelsblatt reported that the data amounted to approximately 100 gigabytes of confidential information.
The Netherlands data protection watchdog confirmed to CNN in May that they were aware of the situation and were investigating it. Handelsblatt also obtained over 23,000 internal documents, dubbed the “Tesla Files.” These files reportedly contained 2,400 self-acceleration issue reports and 1,500 reports of brake issues, including 383 false collision warnings and phantom stops, as reported by Business Insider. Despite the severity of the breach, Tesla has not identified any misuse of the leaked data so far. The company is cooperating with law enforcement and external forensics experts and will continue to take appropriate steps as necessary. Tesla is advising anyone who suspects their data may have been included in the leak to take protective measures such as ordering a credit report, placing a fraud alert, and filing a security freeze with the Credit Bureau.
