Tesla, the electric car maker led by Elon Musk, has started notifying current and former employees whose information was involved in a confidential data breach in May that affected 75,735 people. The breach was caused by two former Tesla employees who misappropriated the information and shared it with a German media outlet.
How the Data Breach Happened?
According to a notice posted on the US-based Maine Attorney General’s website, Tesla said an investigation had found “two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies” and shared it with Handelsblatt, a German business newspaper. The notice did not specify what kind of information was leaked, but said it included employee-related records.
Tesla said it learned about the data breach on May 10, 2023, when Handelsblatt informed the company that it had obtained Tesla confidential information. Tesla said it cooperated with law enforcement and external forensics experts and filed lawsuits against the two former employees, who were not named in the notice. The lawsuits resulted in the seizure of electronic devices that were believed to contain the Tesla information.
Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties. Handelsblatt assured Tesla that it won’t publish the information and that it is “legally prohibited from using it inappropriately,” according to the notice.
How Tesla Responded to the Data Breach?
Tesla said that it had not detected any misuse of personal data, but has offered complimentary membership to Experian IdentityWorks’ credit monitoring and identity theft service. The membership will be one or two years, depending on the person and the specific engagement number on the letter they receive.
Tesla also said that it had taken steps to prevent similar incidents from happening in the future, such as enhancing its IT security policies and procedures, conducting regular audits and reviews of its systems and data access controls, and providing additional training and awareness programs for its employees.
Tesla emphasized that it values the privacy and security of its employees and customers and that it regrets any inconvenience or concern caused by the data breach. It also urged anyone who received a notification letter to enroll in the credit monitoring service and review their credit reports for any suspicious activity.
How the Data Breach Affected Tesla’s Reputation?
The data breach is another setback for Tesla, which has faced several challenges in recent months. In June, Tesla recalled about 285,000 vehicles in China due to a software issue that could cause sudden acceleration. In July, Tesla reported lower-than-expected deliveries of its Model 3 and Model Y vehicles in the second quarter of 2023. In August, Tesla faced criticism from environmental groups for its plans to clear a forest near Berlin for its Gigafactory.
The data breach also raises questions about Tesla’s internal culture and governance, as well as its ability to protect its intellectual property and trade secrets from competitors and adversaries. Tesla has been involved in several legal disputes with former employees and rivals over allegations of stealing or misusing confidential information.
Tesla has not commented publicly on the data breach beyond the notice posted on the Maine Attorney General’s website. It is not clear if the data breach will have any legal or regulatory consequences for the company or if it will affect its customer loyalty or investor confidence.