News Highlight
The Tesla Files
According to a report by German newspaper Handelsblatt, Tesla has suffered a significant data breach involving the leak of over 100 gigabytes of confidential data. The leaked information, dubbed the “Tesla Files,” includes customer and employee data, comprising over 100,000 names, social security numbers, email addresses, phone numbers, salaries, and bank details. In addition, the documents revealed secret production details, as well as thousands of customer complaints related to Tesla’s driver assistance system, including issues with sudden unintended acceleration (SUA) and phantom braking. The breach highlights concerns about the company’s data protection practices, and because anyone with access to the company’s Toolbox internal messaging system can access this information on customers and employees from anywhere in the world, it is being treated as a violation of the General Data Protection Regulation (GDPR). If found guilty of such a violation, Tesla could face fines of up to 4% of its annual sales, amounting to around €3.26 billion ($3.5 billion).
Tesla’s lawyer, meanwhile, has stated that the breach involved a “disgruntled former employee” who misused their access as a service technician. Tesla plans to take legal action against the suspected individual responsible for the leak.
Handelsblatt, for their part, found the leak to be so expansive that they took the added step of developing a search tool for any Tesla customer or employee to freely check if their data was compromised. When the newspaper attempted initial contact with Tesla prior to publication, the only response came from Tesla’s managing counsel for litigation, urging them to “immediately delete all other copies [of the leaked data]” and threatening that the “use of illegally obtained data for media reporting is not allowed… The possession of such data… breaches, among other things, data protection law… [and] subjects recipients, such as Handelsblatt, to liability for violation of trade secrets, data protection law, and handling stolen data….”
Currently, data protection watchdogs in the Netherlands and Germany – where Tesla’s European gigafactory is located – are investigating the breach, with the latter describing it as “massive.” Tesla has previously faced scrutiny over privacy issues, including the recent revelations that its employees had for years been engaging in the unauthorized sharing of customers’ videos on its internal messaging system Mattermost. German union IG Metall has expressed its concerns about the revelations and called on Tesla to inform employees about any data protection breaches, and to likewise foster a culture where staff can openly report problems and grievances without fear.
NOTEWORTHY LEAKS:
Casepoint Investigates Two-Terabyte Theft of Government and Corporate Data
Casepoint, a U.S.-based legal tech firm that provides a discovery platform for litigation and compliance, is investigating a potential cybersecurity breach after hackers claimed to have accessed and stolen two terabytes of sensitive data. The company’s clients include government agencies such as the U.S. Courts, the Securities and Exchange Commission (SEC), and the U.S. Department of Defense (DoD), as well as prominent organizations like Marriott and Mayo Clinic. While Casepoint’s co-founder and CTO did not confirm the specific nature of the incident, the ALPHV ransomware gang, believed to have ties to Russia, has claimed responsibility and has listed the stolen data on its dark web leak site. Samples of the stolen data include healthcare information, a legal document, a government-issued ID, and an internal document allegedly from the FBI. On May 31, ALPHV also published what appear to be login details for the company’s internal systems. Casepoint maintains that its services have not been disrupted, and they have engaged a third-party forensic firm to investigate the incident.
Evangelical Doctors’ Organization Leaks Massive Trove of Sensitive Documents
The American College of Pediatricians (ACP), a right-wing medical organization, accidentally exposed a vast collection of highly sensitive documents on its own website. The cache of leaked documents, totaling over 10,000 files, was discovered by Wired and included highly confidential information such as donor details, tax records, social security numbers of board members, staff resignation letters, budgetary concerns, and usernames/passwords of over 100 online accounts. The leaked files also revealed strategies to discredit organizations like the Southern Poverty Law Center, as well as a contract with the Alliance Defending Freedom, a conservative legal group, to represent the ACP pro bono. The ACP, known for employing a veneer of medical science in campaigning against LGBTQ causes, and currently at the center of the ongoing legal struggle involving the abortion drug Mifepristone, is classified as a hate group by the Southern Poverty Law Center. With significantly fewer members than the official American Academy of Pediatrics, the ACP holds influence in conservative policy despite its limited reach.