Tesla’s Huge Data Breach Was Caused by Internal Whistleblowers

Tesla has begun notifying the 75k individuals impacted by May's 'Tesla Files', and is prosecuting those responsible.

Tesla’s May data breach — which compromised the information of over 75,000 people — has been found to be caused by “insider wrongdoing”, according to a notice from the Maine attorney general.

A recent investigation found that two former employees violated Tesla’s data protection policies by sharing sensitive information with a German media outlet, and a lawsuit has since been filed against them by the Musk-owned company.

Tesla has also begun notifying workers about the breach, which compromised 100 gigabytes of personal employee data — including Musk’s own social security number. Here’s what be know so far.

Tesla’s Data Breach Linked to Whistleblowing Incident

Tesla, the Musk-owned electric car manufacturer, has begun notifying current and former employees that were impacted by a large-scale data breach that took place in May.

According to a data breach notification published by the Office of the Maine Attorney General, 75,735 people were exposed to the leak commonly known as the “Tesla Files”, including its current CEO, billionaire, and X-boss Elon Musk.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.See deal button

 “The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet.” – Tesla’s letter to the Maine Attorney Genrnal 

A letter issued to the Maine Attorney General by the Austin-based manufacturer also reveals that the breach was a result of “insider wrongdoing” by former Tesla employees.

According to the letter, three whistleblowers disclosed the private information to the German business newspaper Handelsblatt in May, breaching Tesla’s security and data protection policies as a result. Fortunately for those affected, no misuse has been detected, and Handelsblatt told the company they don’t intend to publish any sensitive data.

But this doesn’t mean the whistleblowers are getting away unscathed. Following the investigation, the company filed a lawsuit against the former employees responsible for the violation and seized the devices containing company data. But what information was handed over?

What Information Was Compromised?

100 gigabytes was handed over to the Handelsblatt newspaper on May 25. According to the media organization, the Tesla files included:

  • More than 100,000 names of current and former Tesla employees
  • Private email addresses
  • Phone numbers
  • Salary information
  • Customer bank details
  • Secret details from production
  • Social security numbers (including Elon Musk’s)

How To Prevent Data Breaches Happening at Your Company

While Tesla’s security scare was caused by internal whistle-blowers rather than external threats, data breaches pose very real concerns to companies looking to protect private company, employee, and customer information.

According to cybersecurity firm IT Governance, almost half a billion data breaches were recorded in 2022 alone. And a recent report from The Identity Theft Resource Center (ITRC), revealed that the number of data breach victims shot up by 153% in the first half of 2023, from 62 million to 157 million.

There are a number of practical measures business owners can take to safeguard company data, though. Since weak account credentials are commonly exploited by cybercriminals, maintaining strong password security and using tools like password managers is an effective way to fortify your first barrier of defense.

Deploying all company devices with antivirus software is another necessary way to prevent threats from accessing private accounts. Finally, with a shocking 82% of cyber breaches being caused by employee error, educating your workforce about how to look out for cyber swindles like phishing attacks and Denial-of-service attacks is action businesses need to be making in 2023.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Isobel O'Sullivan (BSc) is a senior writer at Tech.co with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals