Tesla has failed to adequately protect data from customers, employees and business partners and has received thousands of customer complaints about the carmaker’s driver assistance system, Germany’s Handelsblatt reportsCiting 100 gigabytes of confidential data leaked by a whistleblower.
Handelsblatt reports that customer data can be found “in abundance” in a data set labeled the “Tesla Files.”
The files contain more than 100,000 names of former and current employees, including the Social Security number of Tesla CEO Elon Musk, private email addresses, phone numbers, employee salaries, customers’ bank details and secret details from production. According to Handelsblatt.
The paper said the breach would violate the GDPR.
The Guardian has not independently verified the documents.
The data protection office in Brandenburg, which is home to Tesla’s European Gigafactory, described the data leak as “massive”.
“I don’t remember such a scale,” said Dagmar Hartge, Brandenburg data protection officer.
If such a breach is proved, Tesla could be fined up to 4% of its annual sales, which could be €3.26bn ($3.5bn).
Citing the leaked files, the newspaper reported a large number of customer complaints about Tesla’s driver assistance programs, with nearly 4,000 complaints over sudden acceleration or phantom braking.
German union IG Metall said the revelations were “disturbing” and called on Tesla to inform employees about all data security breaches and to foster a culture in which employees openly voice problems and complaints. And you can pick it up without any fear.
“These revelations … fit with the picture we have obtained in only two years,” said Dirk Schulze, IG Metall incoming district manager for Berlin, Brandenburg and Saxony.
Handelsblatt quoted a Tesla lawyer as saying that a “disgruntled former employee” had abused his access as a service technician, adding that the company would take legal action against the person suspected of the leak.
The data protection watchdog for the Netherlands said on Friday that it was aware of possible Tesla data security breaches.
“We are aware of the Handelsblatt story and we are looking into it,” said a spokeswoman for the AP data watchdog in the Netherlands, where Tesla’s European headquarters is located.
The agency declined all comment on whether it could or has launched an investigation, citing policy. The Dutch agency was informed by its counterpart in the German state of Brandenburg.
Handelsblatt said Tesla had notified Dutch authorities about the breach, but an AP spokeswoman said she was not aware whether the company had made any representations to the agency.
Tesla was not available for comment on Friday.
Last month, a Reuters report revealed that groups of Tesla employees privately shared sometimes highly offensive videos and images via an internal messaging system recorded by customers’ car cameras between 2019 and 2022.
This week, Facebook parent Meta was fined a record €1.2 billion by its chief EU privacy regulator and given five months to stop transferring user data to the US.