Tesla, the pioneering electric vehicle manufacturer, recently experienced a significant data breach that affected over 75,000 of its current and former employees.
The breach didn't just expose names and addresses; it revealed sensitive personal information, including Social Security numbers. What makes this breach particularly noteworthy is that it was orchestrated not by external hackers, but by insiders – two former employees of the company.
What's happening
On August 18, 2023, Tesla took the necessary step of filing a notice of data breach with the Attorney General of Maine. This official document shed light on a disturbing incident: sensitive employee information had been made available to an unauthorized party. The data, which included names and Social Security numbers, was a treasure trove for potential identity thieves.
The company's internal investigation pinpointed the culprits: two former employees. These individuals had not just taken the data but actively leaked it to a foreign media outlet. The recipient of this confidential information was the German newspaper, Handelsblatt. The newspaper, known for its in-depth business and financial news coverage, is now at the center of a major corporate data breach story.
What they're saying
Steven Elentukh, Tesla's data privacy officer, was forthright about the breach, saying, "The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla's IT security and data protection policies and shared it with the media outlet."
Handelsblatt claimed that the breach was not limited to employee data. The exposed information encompassed everything from personal employee data to customer complaints and even production secrets. The leak included over 23,000 internal documents, dubbed the "Tesla Files." These files contained a whopping 100 gigabytes of confidential data.
The big picture
Security threats don't always come from faceless hackers. Sometimes, the threat is closer to home. Previous reports have highlighted other security concerns for Tesla, including instances where Tesla workers allegedly shared sensitive images recorded by customer cars.
Related: EHR snooping incident at Asante: Unauthorized access exposes patient data
What to watch
In response to the breach, Tesla has initiated legal action against the employees believed to be responsible. Court orders have been obtained, prohibiting these individuals from further disseminating the data. These orders carry weight, with violations subject to criminal penalties.
The bottom line
The Tesla breach underscores a critical lesson for corporations worldwide: insider threats are real and damaging. As companies grow and evolve, the importance of stringent data protection measures and the challenges of enforcing the principle of least privilege among employees become paramount.
Learn more: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
