Former Tesla Employees Leak Data From More Than 75,000 Individuals

Chris Teague
by Chris Teague

Tesla often makes news for misbehaving drivers and how they use its technology, but now the automaker is the subject of a different story. Automotive News reported that a data breach impacted the company in May, affecting more than 75,000 people, and was the result of “insider wrongdoing.”


The breach impacted 75,735 current and former Tesla employees. Two former employees mishandled the information, and the data ended up with the German publication Handelsblatt. The automaker filed lawsuits against the employees, which included seizing electronics from the individuals. 


While serious, this breach likely won’t raise the same alarm bells within Tesla that a security vulnerability would, as in a breach caused by a hacker. It’s obviously less than ideal to have employees handing out sensitive data to news outlets, but the act isn’t the result of a systemic problem that could be exploited electronically. 


That said, Tesla has its share of vulnerabilities, including some that unlock paid services, such as its expensive semi-autonomous driving functions. Earlier this year, a team of researchers announced that it had found a simple “jailbreak” hack that unlocked paid features like connectivity services and more power from the electric motors. Even so, these sorts of hacks are unlikely to be useful to the end consumer, as Tesla can monitor and change vehicle functions remotely, making it difficult to fool the all-watching eye of Elon. 


[Image: Nadezda Murmakova via Shutterstock]


Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.

Chris Teague
Chris Teague

Chris grew up in, under, and around cars, but took the long way around to becoming an automotive writer. After a career in technology consulting and a trip through business school, Chris began writing about the automotive industry as a way to reconnect with his passion and get behind the wheel of a new car every week. He focuses on taking complex industry stories and making them digestible by any reader. Just don’t expect him to stay away from high-mileage Porsches.

More by Chris Teague

Comments
Join the conversation
8 of 30 comments
  • FreedMike FreedMike on Aug 21, 2023

    As SCE pointed out, the author missed that this was not a breach of Tesla customer data, but rather employee data. Still, data breaches are no laughing matter, no matter whose data ends up tossed into the cloud. Hopefully these leakers do some time.


    • EBFlex EBFlex on Aug 21, 2023

      "The breach impacted 75,735 current and former Tesla employees."

      He didn't point anything out. It's the first line of the second paragraph.



  • Dartman Dartman on Aug 21, 2023

    …ok..Tesla experiences a data breach involving 75k people ( employees only per Tesla). Tesla blames employees and threatens suit for damages. Aren’t companies responsible for the actions of their employees? ( rhetorical question… the answer is yes…)

    • Art_Vandelay Art_Vandelay on Aug 21, 2023

      Only if they exercised a lack of due care and diligence. For example, should these employees have had access to that data for normal duties of their job? If no then they’ll likely bear some responsibility but if Tesla was following standard industry practice in safeguarding data and these 2 were just bad actors then likely not. They’ll have to pay for credit monitoring and all that stuff but would be unlikely to face punitive damages



  • Lou_BC Lou_BC on Aug 21, 2023

    The questions that nobody has yet asked,


    1. "What would be newsworthy about these 75,735 current and former Tesla employees?"
    2. "What benefit is there to leak this information to a German news agency?"
  • Zerofoo Zerofoo on Aug 22, 2023

    Companies in general do not take personally identifiable information (PII) security seriously because there is little consequence for mishandling that information.


    A law that would make companies completely liable for any damages incurred from the result of improperly securing PII would go a long way to fixing the problem.


    At the very least, it would add a real cost to storing that information, and it would encourage companies to delete PII that does not have an immediate business purpose.

    • FreedMike FreedMike on Aug 22, 2023

      Companies can definitely be fined or sued for breaches.


Next