CYFOR Blog

Tesla points to ‘insider wrongdoing’ as cause of massive employee data leak

Tesla, the electric car maker owned by Elon Musk, has said that the massive data leak that the company suffered in May was due to insider wrongdoing. The Tesla data breach included personally identifiable information on over 75,000 company employees, and the automaker has pinned the leak on ex-employees.

In a data breach notice filed with Maine’s attorney general, an internal investigation had found that two former employees leaked more than 75,000 individuals’ personal information to a foreign media outlet, German newspaper Handelsblatt. The outlet assured Tesla that it wouldn’t publish the information and that it is “legally prohibited from using it inappropriately,” according to the notice.

Steven Elentukh, Tesla’s data privacy officer, said “The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet,”

The leaked data includes personally identifying information, including names, addresses, phone numbers, employment-related records and Social Security numbers belonging to 75,735 current and former employees.

The publication obtained more than 23,000 internal documents, dubbed the “Tesla Files,” containing 100 gigabytes of confidential data. This included employees’ personal information, customer bank details, production secrets and customer complaints about Tesla’s Full Self-Driving (FSD) features. According to Handelsblatt, Musk’s Social Security number was also included in the leak.

Tesla filed lawsuits against the employees allegedly responsible for the data breach, which resulted in the seizure of the employees’ electronic devices. “Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the company said.

This incident comes after Reuters reported in April that Tesla workers shared sensitive images recorded by customer cars. Between 2019 and 2022, it was reported that employees shared “invasive” images and videos recorded by car cameras.

Mat Cowey, Head of Corporate Forensic Investigations at CYFOR commented on the data breach,

“The Tesla data breach comes as no surprise. These are the kinds of data breaches that we see all too regularly within numerous organisations. The protection of employee and customer data is a critical area of an organisation’s security posture and insider threats can be a huge problem for an organisation; whether it is part of a ploy to steal data for personal use, brand/reputational damage or for whistleblowing. The full details of the data breach have not been made public; however, these threats are real and all organisations must ensure that the appropriate securities and practices are in place, monitored and continuously improved upon.

Recognised as true leaders in this niche area of complex investigation, CYFOR are frequently instructed by clients who have had company data stolen by current or former employees. We provide corporate forensic investigations in cases ranging from intellectual property theft, partnership and contract disputes to whistleblowing matters. The extensive capabilities of our multi-disciplinary team of experts allow us to forensically investigate digital devices such as computers, mobile phones, hard drives and tablets within strict time frames to meet client requirements.