Tesla recently disclosed that insider wrongdoing was the primary cause behind a significant data breach that compromised the personal information of over 75,000 employees.
In an official breach notification submitted to Maine’s attorney general (via TechCrunch), Tesla determined that their internal investigation pointed to two former employees as the culprits. These individuals allegedly leaked the vast trove of sensitive data, breaching the company’s IT security and data protection guidelines.
Steven Elentukh, Tesla’s Data Privacy Officer, mentioned in the notice, “The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet.”
The leaked data, affecting both current and former employees, encompassed names, addresses, phone numbers, employment records, and even Social Security numbers.
German newspaper, Handelsblatt, was identified as the recipient of this information. However, in Tesla’s notice, it was highlighted that the media outlet pledged not to publish the data, affirming that they are legally bound against any inappropriate usage.
Earlier in May, Handelsblatt had reported on a “massive” breach at Tesla, detailing the exposure of varied data ranging from employees’ personal details to specific customer grievances regarding their vehicles. This leak, termed the “Tesla Files,” incorporated a staggering 100 gigabytes of classified data which included not only employee details but also customers’ banking data, proprietary production details, and concerns surrounding Tesla’s Full Self-Driving (FSD) features.