Lawsuit claims Tesla corp data security is far less advanced than its cars

An ex-Tesla staffer has revenge a projected people action suit that blames mediocre entree power astatine nan carmaker for a information leak, weeks aft Tesla itself sued nan alleged leakers, 2 erstwhile employees.

Benson Pai, who was a accumulation subordinate connected Tesla's California campus, moving connected nan building and assembly of nan electrical car company's vehicles, said nan leak was a "direct result" of mediocre information controls connected Tesla's part. The suit, revenge connected Tuesday, claims nan personally identifiable info of 75,000 existent and erstwhile labor could beryllium sold connected nan acheronian web because of nan company's "inadequate information security."

Pai, who is looking to beforehand nan group whose information was stolen, claimed [PDF] successful nan filing that Tesla:

The sueball comes weeks aft Tesla said successful a information breach filing pinch nan authorities of Maine* that it had itself sued 2 erstwhile labor whom it accused of stealing 75k staffers' records – including, supposedly, Elon Musk's ain societal information number (SSN).

As The Reg has mentioned before, galore people action lawsuits are launched connected nan premise that SSNs are thing of a information fraud goldmine. Possession of only a person's SSN, name, and address, for example, intends criminals tin return retired a in installments paper aliases indebtedness successful nan victim's name. They tin usage it to get aesculapian attraction (and rack up bills) nether nan person's identity, aliases place themselves utilizing nan purloined SSN erstwhile arrested – giving nan unfortunate a criminal record. Elon Musk, astatine least, would person a sanction recognizable capable to perchance swerve that fate.

Tesla discovered nan breach successful May, erstwhile notified by German business insubstantial Handelsblatt [paywalled], which gave specifications connected nan information it believed was included successful nan breach. The publication said it went good beyond conscionable that of Tesla staffers – and allegedly included info from customers and business partners.

The Handelsblatt communicative said that nan institution had grounded to adequately protect nan 100 gigabytes of confidential information handed to it by a whistleblower, which it assured Tesla it was legally forbidden from publishing. Tesla is besides reportedly nether investigation by Euro information protection authorities complete nan leak.

• Mozilla calls cars from 25 automakers 'data privateness nightmares connected wheels'
• The Anti Defamation League is Musk's latest excuse for Twitter's tanking advertisement revenue
• Tesla's purported hands-free 'Elon mode' raises regulator's humor pressure
• Silicon Valley billionaires secretly bargain up onshore for caller California city

The title claims nan car shaper took excessively agelong to pass affected information leak victims, accusing it, among different things, of negligence, penetration of privacy, breach of implied contract, breach of fiduciary duty, breach of assurance and usurpation of nan California Unfair Competition Law.

Pai claimed successful nan suit that waiting until August to pass people members accrued nan consequence of fraud.

The filing besides said nan "unencrypted, unredacted information" could beryllium sold connected nan acheronian web "at a value ranging from $40 to $200," noting that SSNs "are particularly valuable to personality thieves."

When Tesla notified employees, it offered a year's rank of Experian's IdentityWorks monitoring services to members whose societal information numbers were leaked. The title called nan connection "wholly inadequate" arsenic it "fails to relationship for nan truth that victims of information breaches and different unauthorized disclosures commonly look aggregate years of ongoing personality theft, and financial fraud, and it wholly fails to supply capable compensation for nan unauthorized merchandise and disclosure of Plaintiff's and Class members' Sensitive Information."

The suit seeks damages and costs, not disclosed successful nan title but much than $5 million.

We've asked Tesla for comment. ®

*Maine authorities rule has a information breach notification statute connected nan books requiring businesses who bargain and waste to its residents to notify affected parties "as expediently arsenic imaginable and without unreasonable delay." It's triggered erstwhile personification breaks into an org's machine strategy (or helps themselves if admins person near things nationalist facing) and individual accusation is acquired, released, aliases "used without authorization." It's why you'll spot a batch of disclosures turning up location first.