Whistleblower files expose customer and employee data, driver assistance system complaints.
According to a Handelsblatt report, a whistleblower leaked 100 gigabytes of confidential data, revealing Tesla’s inadequate protection of customer, employee, and business partner data. The report also highlighted thousands of customer complaints regarding Tesla’s driver assistance system, with customer data found extensively in a data set called “Tesla Files.”
Handelsblatt reports that the leaked files contain tables with over 100,000 names of current and former Tesla employees, including sensitive information such as the social security number of CEO Elon Musk. The data also includes private email addresses, phone numbers, employee salaries, customer bank details, and confidential production details.
According to the newspaper, the breach would be in violation of GDPR. The Guardian has not independently verified the authenticity of the documents. The data protection office in Brandenburg, where Tesla’s European gigafactory is located, referred to the data leak as “massive,” with the data protection officer, Dagmar Hartge, stating that it is unprecedented in scale. If the violation is proven, Tesla could face fines of up to 4% of its annual sales, which could amount to €3.26bn ($3.5bn). The leaked files also revealed a significant number of customer complaints related to Tesla’s driver assistance programs, including approximately 4,000 complaints of sudden acceleration or phantom braking.
Describing the revelations as “disturbing,” the German union IG Metall has urged Tesla to notify its employees about any data protection breaches and foster a culture that encourages open and fearless communication regarding problems and grievances. Dirk Schulze, the incoming district manager for Berlin, Brandenburg, and Saxony, stated that these revelations align with the overall impression they have gathered over the past two years.
The agency refrained from commenting on whether it has initiated or will initiate an investigation, citing its policy. The Dutch agency was informed about the breach by its counterpart in the German state of Brandenburg. While Handelsblatt reported that Tesla had notified the Dutch authorities about the breach, an AP spokesperson stated that they were unaware of any representations made by the company to the agency. Tesla was unavailable for comment on Friday.
