Whistleblower Goes to the Press
In May, Germany’s Handelsblatt alleged (citing 100GB of leaked data provided by a whistleblower) that Tesla failed protect customer, employee, and business partner data. The Guardian, covering the German newspaper report at the time, noted:
The files include tables containing more than 100,000 names of former and current employees, including the social security number of the Tesla CEO, Elon Musk, along with private email addresses, phone numbers, salaries of employees, bank details of customers and secret details from production, according to Handelsblatt.
As it turns out, the source behind the story - according to Tesla - were “two former Tesla employees [who] misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet”
Notifications Begin
Months after the news broke, Tesla has started sending breach notification letters to those affected. In their letter, Tesla explains some of the things that happened once the investigation started to develop:
Tesla immediately took steps to contain the incident, understand the scope, and protect your information. Among other things, we identified and filed lawsuits against the two former employees. These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties.
The information compromised included “…name, certain contact information (such as address, phone number, and/or email address), [and other data] that Tesla maintains in the ordinary course of business in its capacity as an employer.”
The Maine Attorney General’s Office announced the data breach on August 18, 2023, as part of their normal advisory process. A copy of that notification is below.