Tesla employees in Nevada were notified in late August of a cyber breach within that company that released their personally identifiable information. According to the Nevada attorney general’s office, the breach impacted close to 75,000 people and occurred back in May, with notifications of the breach not sent until August. The breach compromised both employee personal data as well as previous internal records, and an investigation is still underway. While no legal action has been completed, lawsuits have been filed and the breach is likely to cost Tesla a significant amount due to the size of the claim.
While the investigation into Tesla’s security breach is still underway, Tesla has spoken out to share that they believe the breach is due to internal wrongdoing. According to Tesla’s data breach notice, the investigation has found that two internal employees released the information to a foreign media outlet, compromising thousands of individual’s personal information and private communications. Steven Elentukh, Tesla’s data privacy officer, said in a statement, “The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet.”
The German newspaper, Handelsblatt, said it received over 100GB of information from the employees, which included names, phone numbers, emails, and thousands of internal communications. The files include confidential data regarding complaints against the company that expressed concerns over the company’s safety measures. According to these documents, thousands of complaints went unanswered and unreported, which raises questions about Tesla’s integrity regarding its safety practices and customer service. Though these aspects are not yet fully developed, Tesla has officially filed two lawsuits against the employees who are accused of leaking the data.
According to the data breach notice, Tesla has agreed to provide a full year of free credit monitoring to all employees who were potentially affected by the breach. Once the claims have been settled, there is a high possibility that affected employees will receive financial compensation for the leak of their data. In addition, under the guidance of the attorney general’s office, employees have been advised to place a temporary fraud alert on all their accounts and regularly monitor their bank and credit reports.
Improving data security measures is crucial to protecting internal information and maintaining regulation standards. It’s also key to avoiding data breaches such as the one Tesla recently experienced and maintaining customer loyalty. Steps to improve your organization's security measures include:
While security measures can decrease the likelihood of a breach, no organization can fully protect itself from the risk of hacking, either internal or external. Cyber insurance can provide financial protection to cover the costs of a data breach claim, as well as costs for settlement and notifications. ECBM has extensive experience in cyber protection and insurance, and our goal is to provide the highest quality coverage at the best possible price for our clients. In an age where cyber is the most vulnerable area for most businesses, insurance coverage is more important than ever before. For more information on our cyber insurance solutions or for a risk management assessment, contact one of our agents today.