Tesla has filed lawsuits against two unnamed former employees accusing them of a data breach that impacted more than 75,000 people as a result of "insider wrongdoing."
According to a notice posted by the office of the Maine Attorney General seen by Bloomberg, a total of 75,735 people were affected by the data breach, including nine residents of Maine. The people appear to be current or former employees of Tesla.
The data breach was uncovered on May 10 by German media outlet Handelsblatt, which received 100 gigabytes of confidential data from a whistleblower. The newspaper alleged that the over 23,000 leaked files proved Tesla had failed to adequately protect data from customers, employees, and business partners.
In an August 18 letter by Tesla that accompanied the data breach notification, the EV maker said that “a foreign media outlet (named Handelsblatt) informed Tesla on May 10, 2023, that it had obtained Tesla confidential information.
"The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet," Tesla said in the letter to those impacted.
Gallery: Tesla Fremont Factory
The EV maker also noted that it filed lawsuits against the two former employees, without specifying in which jurisdiction. According to the letter, the lawsuits led to the seizure of electronic devices that were believed to have contained company information.
"Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties. Tesla cooperated with law enforcement and external forensics experts and will continue to take appropriate steps as necessary," the letter stated.
The company also noted that Handelsblatt has stated that it does not intend to publish the personal information, "and in any event, is legally prohibited from using it inappropriately."
The leaked documents, dubbed "Tesla Files," included sensitive information such as more than 100,000 names of former and current employees, the social security number of Tesla CEO Elon Musk, private email addresses, phone numbers, salaries of employees, bank details of customers, and secret details from production.
Tesla reassured those impacted that there was no "evidence of misuse of the data in a manner that may cause harm." That being said, the company offered 12 months of Experian's IdentityWorks credit monitoring and identity theft service to those affected.
The automaker also advised its users to be extremely vigilant against possible "phishing" attempts and be extremely thorough with their account statements and credit history.