“Failure to Protect Personal Data”: Ex-Employee Sues Tesla

Following a leak of more than 100 GB of internal files in May, a former Tesla employee has filed a class-action suit against the automaker. It alleges that Tesla failed to properly safeguard its employees’ personal information: The leaked files include the names, addresses, phone numbers, birth dates, email addresses, social security numbers and salaries of more than 75,000 Tesla employees. According to insiders, this personal information could be accessed by almost anyone in the company.

A former Tesla employee has filed a 100 million dollar class-action lawsuit against the car maker in the State of California. The suit follows a data breach of more than 20,000 internal files in May, which were leaked to the German newspaper Handelsblatt. The leaked data includes the personal information of more than 75,000 current and former Tesla employees in the US, who could now be faced with identity theft and the misuse of their personal data.

The class-action lawsuit accuses Tesla of failure to properly secure and safeguard its employees’ personal information: The fact that the individuals behind the leak were able to steal such vast amounts of sensitive data suggests the company had inadequate security measures in place to protect critical information. According to insiders, the company used the project management tool Jira without restricting who could access what information – meaning that sensitive documents listing salaries, customer complaints and even reasons for employee terminations were open to all users.

Neglecting Access Management: A Costly Mistake

If the class-action suit is successful, Tesla could be hit with the full charge of 100 million dollars. But that’s just the beginning: The automaker could face additional lawsuits in other countries since the current filing only covers US employees affected by the data breach. On top of this, internal documents leaked in May have fueled ongoing investigations into Tesla’s autopilot feature and battery range.

In the EU, data protection agencies are also investigating the incident. If employees’ personal data was accessible to as many people as the lawsuit and reports by Handelsblatt suggest, Tesla’s failure to implement adequate controls would constitute a GDPR violation. The maximum fine for incidents like these under the GDPR is 4% of global annual turnover – for Tesla, this would amount to roughly 3 billion dollars. However, it is still unclear whether authorities will issue a fine.

Tesla itself has since announced that it has improved its internal security and access management. Unfortunately, this change comes too late to prevent the past leak and current legal disputes. It just goes to show: The best time to invest in IT security is before your company is hit.

Protect Sensitive Data With Identity and Access Management

From compromised accounts to insider threats and cyber attacks: It’s critical for businesses to protect their data against unauthorized access from within and without. Organizations must limit access to sensitive information to only those who absolutely need it. This concept, also known as the principle of least privilege, is a cornerstone of IT security and mandated by regulations like the GDPR, HIPAA and more.

In order to manage user access effectively in their increasingly complex IT environments, organizations need identity and access management. However, businesses often hesitate to implement IAM solutions due to their cost and complexity. But there’s good news: identity and access management doesn’t have to be difficult!

As a no-code IAM solution, tenfold allows organizations to securely automate their user and permission management in just a few weeks, restricting access to sensitive data to only those who need it. With this revolutionary approach to IAM, tenfold helps your business boost its cybersecurity and meet compliance goals – all while saving your IT staff valuable time. Sign up for a free trial to learn more.

About the Author: Joe Köller

Joe Köller is tenfold’s Content Manager and responsible for the IAM Blog, where he dives deep into topics like compliance, cybersecurity and digital identities. From security regulations to IT best practices, his goal is to make challenging subjects approachable for the average reader. Before joining tenfold, Joe covered games and digital media for many years.