Riham Alkosaa and Toby Sterling
BERLIN/AMSTERDAM (Reuters) – The Netherlands’ data protection authority said on Friday it was aware of possible Tesla data breaches, but it was too early to say whether an investigation would be launched.
Germany’s Handelsblatt reported Thursday that Elon Musk’s Tesla allegedly failed to adequately protect the data of customers, employees and business partners, citing 100 gigabytes of sensitive data leaked by a whistleblower.
“We are aware of the Handelsblatt story and are looking into it,” a spokesman for the AP in the Netherlands, home to Tesla’s European headquarters, told the AP.
Handelsblatt said Tesla notified Dutch authorities of the breach, but a spokesman told the AP they did not know if the company had made any statements to the agency.
Tesla was not available for comment Friday on the Handelsblatt report, which said customer data could be found “in large quantities” in a data set labeled “Tesla files.”
The data protection authority in the German state of Brandenburg, home to Tesla’s European gigafactory, called the data leak “massive.”
“I can’t remember this scale,” said Brandenburg’s data protection officer Dagmar Hartge, adding that the case had been referred to Dutch authorities, who would be held responsible if the allegations lead to enforcement action.
Dutch authorities have several weeks to decide whether to pursue the case under the European procedure, she added.
The files include spreadsheets containing more than 100,000 names of former and current employees, including Tesla CEO Musk’s social security number, as well as personal email addresses, phone numbers, employee salaries, customer bank details and confidential manufacturing data , reports Handelsblatt. .
A breach would be in breach of the GDPR, it said.
If such a violation is proven, Tesla could be fined up to 4% of annual sales, which could amount to 3.26 billion euros.
German trade union IG Metall called the revelations “alarming” and called on Tesla to inform employees of all data protection breaches and foster a culture where employees can raise issues and grievances openly and without fear.
“These discoveries … are in line with the picture we have been getting for just under two years,” said Dirk Schulze, IG Metall’s new district manager for Berlin, Brandenburg and Saxony.
Handelsblatt quoted a Tesla lawyer as saying that a “disgruntled former employee” had abused their access as a service technician, adding that the company would take legal action against the alleged leaker.
Citing the leaked files, the newspaper reported thousands of customer complaints about the automaker’s driver assistance systems, with about 4,000 complaints about sudden acceleration or phantom braking.
Last month, a Reuters report revealed that groups of Tesla employees privately shared through an internal messaging system sometimes highly invasive videos and images recorded by cameras in customers’ cars between 2019 and 2022.
Facebook parent company Meta was fined a record 1.2 billion euros ($1.3 billion) by the European Union’s top privacy regulator this week for its handling of user information and given five months to stop transferring user data to the United States.
(Reporting by Riham Alkosao and Christina Amann in Berlin, Toby Sterling in Amsterdam and Hyun Joo Jin in San Francisco; Editing by Susan Fenton, David Gregorio and Alexander Smith)