Tesla has confirmed a major data breach impacting nearly 76,000 employees and containing sensitive corporate information was carried out by two former staff members.
A data breach notice published on the Office of the Maine Attorney General website revealed 75,735 individuals had been affected by an incident first reported by German newspaper Handelsblatt on May 25 2023.
The paper’s narrative at the time was that whistleblowers had passed it confidential information about the company, allegedly revealing that the carmaker’s autopilot function had bigger technical problems than originally thought.
A data breach notice penned by Tesla data privacy officer, Steven Elentukh, focused on the wrongdoing of the unnamed duo.
“A foreign media outlet (named Handelsblatt) informed Tesla on May 10, 2023 that it had obtained Tesla confidential information,” it noted.
“The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet. The outlet has stated that it does not intend to publish the personal information, and in any event, is legally prohibited from using it inappropriately.”
Read more on Tesla security incidents: Musk Denies Tesla Security Claims After Chinese Military Ban
The two had devices thought to contain the exfiltrated information seized, after Tesla obtained a court order against them, Elentukh continued.
“Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” he added.
“Tesla cooperated with law enforcement and external forensics experts and will continue to take appropriate steps as necessary.”
The compromised data on current and former employees includes names, home and email addresses, phone numbers, employee information and Social Security numbers.
Dor Fledel, CEO of Spera, argued that the incident underlined the challenge of enforcing the principle of least privilege among employees.
“It is too easy for organizations to fall into the trap of granting access for the sake of productivity without considering the security ramifications,” he added. “Organizations must have the discipline along with the necessary tools and processes to ensure employees have the appropriate level of access.”
Handelsblatt claimed back in May to have 100GB of data in its possession from the insiders, containing thousands of vehicle malfunction and crash reports.
Editorial image credit: canadianPhotographer56 / Shutterstock.com