German business newspaper Handelsblatt claims Tesla has violated data protection laws after a whistleblower leaked 100 gigabytes of confidential data to the publication.
More than 23,000 files show that Tesla has failed to adequately protect data from customers, employees, and business partners, Handelsblatt reported. The whistleblower also notified the German authorities about the data protection breach in April.
The leaked documents, dubbed “Tesla Files,” include tables containing more than 100,000 names of former and current employees, including the social security number of Tesla CEO Elon Musk. The files also include private email addresses, phone numbers, salaries of employees, bank details of customers, and secret details from production.
Citing information from the leaked files, the newspaper also reported about thousands of complaints from customers related to Tesla’s driver assistance systems, including 1,000 crashes in connection with driver assistance systems such as Autopilot in recent years.
There are also 2,400 complaints on unintended acceleration and 1,500 complaints on braking problems, including 383 cases of phantom braking and 139 cases of emergency braking. The oldest complaints from the data leak date from 2015, while the most recent are from March 2022. Most of the incidents took place in the US, but there are also complaints from Asia and Europe, including many from Germany.
Handelsblatt confirmed the data’s authenticity with Fraunhofer Institute for Secure Information Technology, which found no evidence of doctoring or fabrication in the files. Tesla attempted to stop the publication from using this data in its reporting, and even threatened legal action against Handelsblatt.
However, the paper decided to use information from Tesla Files as it considers this is one of the extraordinary circumstances when reporting on illegally obtained data would be legal under European Union law.
The data protection office in the German state of Brandenburg, where Tesla’s European factory is located, described the data leak as “massive.”
“I can’t remember such a scale,” Brandenburg data protection officer Dagmar Hartge said according to Reuters. He added that the case had been handed to the Dutch authorities because Tesla’s European headquarters are in The Netherlands.
The data protection watchdog for the Netherlands said it is too early to say whether it would start an investigation into possible Tesla data protection breaches. The data breach would violate the European Union’s General Data Protection Regulation (GDPR). If proven in court, it would result in a fine of up to 4 percent of Tesla’s annual sales, which could be $3.5 billion (3.26 billion euros).
While Tesla did not comment on the report, Handelsblatt quoted a lawyer for the EV maker as saying that the whistleblower is a “disgruntled former employee” who had abused his access as a service technician to get information. The lawyer said Tesla would take legal action against the suspected ex-employee.
This is not the first time Tesla is accused of data protection violations. Last month, a Reuters report showed that groups of Tesla employees shared via an internal messaging system sometimes highly invasive videos and images captured by customers’ car cameras between 2019 and 2022.