Tesla's May data breach — which compromised the information of over 75,000 people — has been found to be caused by “insider wrongdoing”, according to a notice from the Maine attorney general.
A recent investigation found that two former employees violated Tesla's data protection policies by sharing sensitive information with a German media outlet, and a lawsuit has since been filed against them by the Musk-owned company.
Tesla has also begun notifying workers about the breach, which compromised 100 gigabytes of personal employee data — including Musk's own social security number. Here's what be know so far.
Tesla's Data Breach Linked to Whistleblowing Incident
Tesla, the Musk-owned electric car manufacturer, has begun notifying current and former employees that were impacted by a large-scale data breach that took place in May.
According to a data breach notification published by the Office of the Maine Attorney General, 75,735 people were exposed to the leak commonly known as the “Tesla Files”, including its current CEO, billionaire, and X-boss Elon Musk.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get TWO months of Surfshark VPN FREE using this Tech.co special offer.
“The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet.” – Tesla's letter to the Maine Attorney Genrnal
A letter issued to the Maine Attorney General by the Austin-based manufacturer also reveals that the breach was a result of “insider wrongdoing” by former Tesla employees.
According to the letter, three whistleblowers disclosed the private information to the German business newspaper Handelsblatt in May, breaching Tesla's security and data protection policies as a result. Fortunately for those affected, no misuse has been detected, and Handelsblatt told the company they don't intend to publish any sensitive data.
But this doesn't mean the whistleblowers are getting away unscathed. Following the investigation, the company filed a lawsuit against the former employees responsible for the violation and seized the devices containing company data. But what information was handed over?
What Information Was Compromised?
100 gigabytes was handed over to the Handelsblatt newspaper on May 25. According to the media organization, the Tesla files included:
- More than 100,000 names of current and former Tesla employees
- Private email addresses
- Phone numbers
- Salary information
- Customer bank details
- Secret details from production
- Social security numbers (including Elon Musk's)
How To Prevent Data Breaches Happening at Your Company
While Tesla's security scare was caused by internal whistle-blowers rather than external threats, data breaches pose very real concerns to companies looking to protect private company, employee, and customer information.
According to cybersecurity firm IT Governance, almost half a billion data breaches were recorded in 2022 alone. And a recent report from The Identity Theft Resource Center (ITRC), revealed that the number of data breach victims shot up by 153% in the first half of 2023, from 62 million to 157 million.
There are a number of practical measures business owners can take to safeguard company data, though. Since weak account credentials are commonly exploited by cybercriminals, maintaining strong password security and using tools like password managers is an effective way to fortify your first barrier of defense.
Deploying all company devices with antivirus software is another necessary way to prevent threats from accessing private accounts. Finally, with a shocking 82% of cyber breaches being caused by employee error, educating your workforce about how to look out for cyber swindles like phishing attacks and Denial-of-service attacks is action businesses need to be making in 2023.