Tesla reveals insider data breach affected 75,000+ current and former employees
Tesla Inc. has disclosed that a breach of its network compromised more than 75,000 current and former employees’ information.
The automaker detailed the incident in a regulatory filing that was picked up by Bloomberg late Sunday. The filing, which was submitted to the Office of the Maine Attorney General, appears to be a copy of a memo sent to the affected individuals.
In May, the German business newspaper Handelsblatt reported that it had obtained a trove of internal Tesla data from company insiders. The dataset, which has been referred to as the Tesla Files, is said to contain more than 23,000 records. Those records reportedly range from technical documents to customer complaints and Elon Musk’s Social Security number.
Handelsblatt notified Tesla of the breach on May 10, about two weeks before it publicized the incident. In its newly published regulatory filing, the automaker shared more details about the leak. Tesla says it was informed by Handelsblatt staff that the paper “does not intend to publish the personal information, and in any event, is legally prohibited from using it inappropriately.”
Tesla told the affected individuals that it didn’t find any signs the breach may have broadened in scope. “While we have not identified evidence of misuse of the data in a manner that may cause harm to you, we are nonetheless providing you with this notice to ensure that you are aware of what happened and the measures we have taken.”
After it received word of the breach, the automaker launched an investigation. Tesla determined that the hack was carried out by two former employees. The company has filed lawsuits against both individuals.
“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information,” the filing reads. “Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties.”
The automaker’s investigation determined that the breach affected 75,735 current and former employees. According to its filing, the stolen data included names, addresses, phone numbers and email addresses. TechCrunch reported that the hackers also obtained certain other information, including Social Security numbers.
The incident doesn’t mark the first time Tesla’s network has been breached. In 2018, a cybersecurity startup discovered that hackers had gained access to the administrative console the automaker used to manage its Kubernetes environment. Tesla had neglected to require that users provide a password when logging in.
Using the compromised Kubernetes console, the hackers installed cryptocurrency mining software on the company’s cloud environment. However, they didn’t gain access to customer data. Tesla added at the time that its vehicles’ security and safety weren’t impacted either, with an investigation finding the breach only affected “internally used engineering test cars.”
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.