American car maker Tesla is sending notices of a data breach to thousands of its current and former employees who had their sensitive information exposed by two ex-staff members of the firm.
The incident concerns a 100GB-large database that was leaked to German news outlet Handelsblatt in May 2023, which contained thousands of customer complaints about the safety of Tesla’s Full Self-Driving (FSD) technology, as well as reports about problems with Tesla cars’ emergency braking, incidents of abrupt self-acceleration, false collision warnings, and more.
“A foreign media outlet (named Handelsblatt) informed Tesla on May 10, 2023, that it had obtained Tesla confidential information. The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet. The outlet has stated that it does not intend to publish the personal information, and in any event, is legally prohibited from using it inappropriately.”Tesla
Reportedly, this confidential data was leaked to the media outlet to highlight severe security problems with Tesla cars, as according to the rogue former employees, the carmaker was actively trying to conceal that information from the general public, deleted such reports from public channels, and generally downplayed concerns. The reports leaked to Handlesblatt were clearly marked “for internal use only,” and Tesla’s technicians were advised only to contact the customer verbally to avoid exposing information about the vehicles, customers, and the associated technical issues.
Following an internal investigation on the matter, Tesla now reports that the incident has impacted 75,735 current and former employees, exposing the following details:
- Full name
- Physical address
- Phone number
- Email address
There’s no mention of customer information having been exposed in the leaked data, so this appears to be specific to employee-related records. It is possible that the internal report database does not hold customer information or that the individuals responsible for leaking it redacted such information before sharing it with Handelsblatt, as exposing customers wasn’t their objective.
Handelsblatt has neither published nor intends to publish any personally identifiable information from the data it received. However, this dataset may have been shared with other parties. To safeguard against future leaks of personal information, Tesla has taken legal action against the two former employees. Law enforcement has since confiscated their electronic devices, and court orders now prevent them from accessing or disseminating any Tesla data.
The carmaker also encloses instructions on how to enroll to Experian’s credit monitoring and identity detection services in the notices sent to impacted customers so as to mitigate their risk from scammers and cybercriminals.