A recent data breach at Tesla during May has impacted a significant number of individuals, totaling more than 75,000 people, according to an announcement made by the office of the Maine Attorney General. The breach included records related to employees and was attributed to “insider wrongdoing.”
Among the individuals affected, 75,735 have been identified, with nine of them being residents of Maine. Most of the impacted individuals are believed to be current or former employees of the carmaker based in Austin, Texas.
The incident came to light when a foreign media outlet, Handelsblatt, notified Tesla on May 10, 2023, that it had gained access to confidential information belonging to Tesla. The investigation conducted in response to the breach revealed that two former Tesla employees were responsible for the unauthorized access and sharing of company information with the media outlet. This action directly violated Tesla’s IT security and data protection policies.
In response to these findings, Tesla took legal action against the two former employees involved in the breach. Although the jurisdiction in which the lawsuits were filed is not specified, these legal measures resulted in the confiscation of electronic devices that were suspected to contain sensitive company data.
In an official communication sent to those impacted by the breach, Tesla outlined the steps taken to address the situation. The company secured court orders to prevent the former employees from further utilizing, accessing, or disseminating the acquired data, with the violation of these orders carrying potential criminal penalties. Tesla collaborated with law enforcement agencies and external experts in digital forensics to resolve the breach and will continue to pursue necessary actions moving forward.
The breach underscores the critical need for organizations to maintain robust data protection policies and security measures to safeguard against insider threats and cyberattacks. The incident serves as a reminder of the importance of stringent security protocols and swift response mechanisms to address data breaches and protect sensitive information.