Tesla, the prominent electric car manufacturer, has recently made a disclosure concerning a data breach that has impacted around 75,000 individuals.
However, the breach diverges from the typical narrative of malicious cyberattacks, as it emerged as a result of a whistleblower leak. In May, the company unveiled that unauthorized access had led to the exposure of personal information, including social security numbers, belonging to over 75,700 people.
The breach was traced back to former employees who shared confidential information with German media outlet Handelsblatt. Tesla reported that these ex-employees “misappropriated the information in violation of Tesla’s IT security and data protection policies.” The compromised data encompasses names, contact details, and employment-related records of both current and former employees.
In response, affected individuals are being offered protective measures such as credit monitoring and identity protection services.
The whistleblower leak gained public attention in May when Handelsblatt reported receiving 100 GB of confidential Tesla data from the source. The leaked files, dubbed ‘Tesla Files’, contained a plethora of sensitive information, including data on more than 100,000 current and former employees, customer bank details, production secrets, and complaints concerning driver assistance systems.
Despite the potential implications, Handelsblatt assured Tesla that it does not intend to publish the provided personal data. Tesla has initiated legal action against the implicated former employees, obtaining court orders to prevent further use, access, or dissemination of the data. This incident underscores the multifaceted challenges companies face in safeguarding sensitive data and responding to unconventional breaches.