“Failure to Protect Personal Data”: Ex-Employee Sues Tesla

A former Tesla employee has filed a 100 million dollar class-action lawsuit against the car maker in the State of California. The suit follows a data breach of more than 20,000 internal files in May, which were leaked to the German newspaper Handelsblatt. The leaked data includes the personal information of more than 75,000 current and former Tesla employees in the US, who could now be faced with identity theft and the misuse of their personal data.

The class-action lawsuit accuses Tesla of failure to properly secure and safeguard their employees’ personal information: The fact that individuals behind the leak were able to steal such vast amounts of sensitive data suggests the company had inadequate security measures in place to protect critical information. According to insiders, the company used the project management tool Jira without restricting who could access what information – meaning that sensitive documents listing salaries, customer complaints and even reasons for employee terminations were open to all users.

If the class-action suit is successful, Tesla could be hit with the full charge of 100 million dollars. But that’s just the beginning: The automaker could face additional lawsuits in other countries since the current filing only covers US employees affected by the data breach. On top of this, internal documents leaked in May have fueled ongoing investigations into Tesla’s autopilot feature and battery range.

In the EU, data protection agencies are also investigating the incident. If employees’ personal data was accessible to as many people as the lawsuit and reports by Handelsblatt suggest, Tesla’s failure to implement adequate controls would constitute a GDPR violation. The maximum fine for incidents like these under the GDPR is 4% of global annual turnover – for Tesla, this would amount to roughly 3 billion dollars. However, it is still unclear whether authorities will issue a fine.

From compromised accounts to insider threats and cyber attacks: It’s critical for businesses to protect their data against unauthorized access from within and without. Organizations must limit access to sensitive information to only those who absolutely need it. This concept, also known as the principle of least privilege, is a cornerstone of IT security and mandated by regulations like the GDPR, HIPAA and more.

In order to manage user access effectively in their increasingly complex IT environments, organizations need identity and access management. However, businesses often hesitate to implement IAM solutions due to their cost and complexity. But there’s good news: identity and access management doesn’t have to be difficult!

As a no-code IAM solution, tenfold allows organizations to securely automate their user and permission management in just a few weeks, restricting access to sensitive data to only those who need it. With this revolutionary approach to IAM, tenfold helps your business boost its cybersecurity and meet compliance goals – all while saving your IT staff valuable time. Sign up for a free trial to learn more.