Tesla has failed to adequately protect data from customers, employees and business partners and has received thousands of customer complaints regarding the carmaker’s driver assistance system, Germany’s Handelsblatt has reported, citing 100 gigabytes of confidential data leaked by a whistleblower.
The Handelsblatt report said customer data could be found “in abundance” in a data set labelled “Tesla Files”.
The files include tables containing more than 100,000 names of former and current employees, including the social security number of the Tesla CEO, Elon Musk, along with private email addresses, phone numbers, salaries of employees, bank details of customers and secret details from production, according to Handelsblatt.
The breach would violate the GDPR, the newspaper said.
The Guardian has not independently verified the documents.
The data protection office in Brandenburg, which is home to Tesla’s European gigafactory, described the data leak as “massive”.
“I can’t remember such a scale,” the Brandenburg data protection officer, Dagmar Hartge, said.
If such a violation was proved, Tesla could be fined up to 4% of its annual sales, which could be €3.26bn ($3.5bn).
Citing the leaked files, the newspaper also reported about large numbers of customer complaints regarding the Tesla’s driver assistance programs, with about 4,000 complaints on sudden acceleration or phantom braking.
The German union IG Metall said the revelations were “disturbing” and called on Tesla to inform employees about all data protection violations and promote a culture in which staff could raise problems and grievances openly and without fear.
“These revelations … fit with the picture that we have gained in just under two years,” said Dirk Schulze, IG Metall incoming district manager for Berlin, Brandenburg and Saxony.
Handelsblatt quoted a lawyer for Tesla as saying a “disgruntled former employee” had abused their access as a service technician, adding that the company would take legal action against the individual it suspected of the leak.
The data protection watchdog for the Netherlands said on Friday it was aware of possible Tesla data protection breaches.
“We are aware of the Handelsblatt story and we are looking into it,” said a spokesperson for the AP data watchdog in the Netherlands, where Tesla’s European headquarters is located.
The agency declined all comment on whether it might launch or have launched an investigation, citing policy. The Dutch agency was informed by its counterpart in the German state of Brandenburg.
Handelsblatt said Tesla notified the Dutch authorities about the breach, but the AP spokesperson said they were not aware if the company had made any representations to the agency.
Tesla was not available for comment on Friday.
Last month, a Reuters report showed that groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras between 2019 and 2022.
This week, Facebook’s parent Meta was hit with a record €1.2bn fine by its lead EU privacy regulator over its handling of user information and given five months to stop transferring user data to the US.