Elon Musk may be able to send a car into space, but his staff needs help securing data online. According to a report from researchers at cloud security firm RedLock this morning, a hacker infiltrated Tesla’s Kubernetes software console because the company failed to secure it with a password.
The hackers then accessed a database of over 75,000 people who had filed complaints with the company regarding auto acceleration and braking issues. The data was allegedly leaked to a German business news outlet, Handelsblatt, which reported on the breach Friday (Aug. 18). In a statement, Tesla said it “informed the affected individuals on May 10, 2023,” that it had learned about the data leak through a “foreign media outlet.” The company has filed lawsuits against two former employees and obtained court orders to seize their devices believed to have contained the information.
Tesla said the employees violated IT security and data protection policies when they shared confidential information with the foreign news outlet. It also said the leak may have caused “harm to the company’s reputation.”
Affected individuals were informed that their personal information, such as names, addresses, and phone numbers, was exposed in the leak. In addition, the company said some of the hacked data included vehicle identification numbers. The company also disclosed that the data was gathered from 2015 to 2022.
In an email to workers Sunday, CEO Elon Musk revealed that the company had learned about an employee who sabotaged systems and leaked sensitive data to third parties. He added that the company is still trying to figure out whether this person acted alone or with help from outside entities.
Musk said the employee had used his trusted access to tamper with production systems and export gigabytes of data from its network to unnamed third parties. He added that the sabotage was “quite extensive and damaging,” hoping the investigation would quickly find the culprit.
The sabotage reportedly affected the production of the Model 3. It involved its battery system, motor control units, and manufacturing operations, but the company says it was unrelated to recent fire incidents. Tesla said the worker reported the sabotage to HR, leading to his firing.
The incident is another reminder of the havoc that malicious insiders can wreak on organizations. Last year, for instance, a former software engineer at the CIA was accused of abusing his position and access to steal and leak 8,700 confidential documents. That case was the latest in a long list of high-profile insider abuses to hit the headlines. For more on how to mitigate the risks of insider threats, check out our latest infographic. PYMNTS has contacted Tesla for comment and is awaiting a response.