View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 22, 2023updated 24 Aug 2023 1:11pm

‘Insider wrongdoing’ at the heart of massive breach, announces Tesla

The two employees who leaked the information are currently being sued by the company

By Claudia Glover

A data breach suffered by global car manufacturer Tesla earlier this year was the result of ‘insider wrongdoing’ on the part of two former employees, according to a submission by the company to the Attorney General’s Office in the US state of Maine.

The data, which was originally leaked to a German media outlet, contained a litany of complaints related to mechanical problems in Tesla vehicles and the personal data of 75,735 current and former employees of the firm. The electric vehicle manufacturer also confirmed that it has filed lawsuits against both ex-employees for their alleged role in the breach.

Telsa breach was the result of insider wrongdoing, announces company. (Photo by Vitaliy Karimov/Shutterstock)

A letter to those affected accompanied the breach notification. It explains that “a foreign media outlet [the German newspaper Handelsblatt] informed Tesla on May 10, 2023 that it had obtained Tesla confidential information. The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet.”

The data in question was leaked to Handelsblatt in April and includes thousands of complaints about braking problems and acceleration issues in Tesla vehicles. Reported by drivers across the US, Europe and Asia, these complaints refer to 2,400 self-acceleration issues, 1,500 braking problems – including 139 reports of ‘unintentional emergency braking’ – and 383 reports of ‘phantom stops’ from false collision warnings in Tesla vehicles.

Tesla data woes

The letter confirms that the electric vehicle manufacturer has filed lawsuits against the pair it claims leaked the information, leading to the confiscation of the work devices in their possession that held company data. “Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the letter continues. “Tesla cooperated with law enforcement and external forensics experts and will continue to take appropriate steps as necessary.”

This is not the first time Tesla has fallen victim to a devastating data breach. Another leak of delicate information took place in April, in which employees were sharing photos and images of company issues on private message boards. The messages included videos and pictures recorded by in-car cameras showing private footage of drivers.

Additionally, in June 2018 Tesla filed a lawsuit against a former employee when they made changes to the company’s source code, exporting gigabytes of proprietary data to unauthorised third parties. Tesla chief executive Elon Musk sent out a company-wide email at the time calling the perpetrator a ‘saboteur’. This contrasted with the actions of another employee two years later, whose agreement to inform on a Russian hacker’s attempt to inject malware into Tesla systems was, according to a tweet from Musk, ‘much appreciated‘.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Read More: Elon Musk launches xAI in bid to take on OpenAI and build ‘safer’ artificial intelligence

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.