Tesla has said that insider wrongdoing was to blame for a data breach affecting more than 75,000 company employees.
Tesla, the electric car maker owned by Elon Musk, said in a data breach notice filed with Maine’s attorney general that an investigation had found that two former employees leaked over 75,000 individuals’ personal information to a foreign media outlet.
“The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet,” Steven Elentukh, Tesla’s data privacy officer, wrote in the notice.
This information includes personally identifying information, including names, addresses, phone numbers, employment-related records, and Social Security numbers belonging to 75,735 current and former employees.
Tesla said two former employees had shared the data with German newspaper Handelsblatt. The outlet assured Tesla that it wouldn’t publish the information and that it is “legally prohibited from using it inappropriately,” according to the notice.
Handelsblatt reported in May that Tesla had been hit by a “massive” breach revealing everything from employees’ personal information to customer complaints about their cars.
The publication obtained more than 23,000 internal documents, dubbed the “Tesla Files,” containing 100 gigabytes of confidential data. This included employees’ personal information, customer bank details, production secrets, and customer complaints about Tesla’s Full Self Driving (FSD) features.
According to Handelsblatt, Musk’s Social Security number was also included in the leak.
Tesla filed lawsuits against the employees allegedly responsible for the data breach, which resulted in the seizure of the employees’ electronic devices. “Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the company said.
This incident comes after Reuters reported in April that Tesla workers shared sensitive images recorded by customer cars. Between 2019 and 2022, it was reported that employees shared “invasive” images and videos recorded by car cameras.