Following an investigation into a data breach that affected more than 75,000 employees back in May, Tesla has now confirmed that the data breach was in fact an inside job, with two former Tesla employees sharing the company's sensitive data.
The leaked data included personal information such as names, addresses, phone numbers, and Social Security numbers of 75,735 current and former employees of Tesla, as was revealed in Tesla's data breach notice, which was filed with Maine's attorney general earlier this year.
At the time, Tesla said the leak was the work of a “disgruntled ex-employee." As TechCrunch reports, an updated filing with the Maine AG, posted on Friday, now confirms that "two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with [a] media outlet."
That outlet is German-language newspaper Handelsblatt, which in May published a story that said Tesla had received thousands of complaints and crash reports about its Autopilot features between 2015 and 2022, which it tried to keep hidden. The paper said it got its information from an “unnamed informer."
The data, which included the Social Security number of Tesla CEO Elon Musk, will not be published by Handelsblatt, which is "legally prohibited from using it inappropriately," Tesla notes in its updated filing. It includes 23,000 leaked internal documents, including production secrets, customer complaints, and customer's bank details, TechCrunch notes.
Tesla has since sued both of the former employees, resulting in the seizure of their electronic devices, and a court order that prohibits them from further use of the leaked data.
As reported by CNN, Tesla has started notifying both current and former employees who were affected by the data breach. Tesla says it has not discovered any evidence of misuse of any of the leaked data, but has offered anyone affected complimentary access to Experian IdentityWorks identity theft service.