On May 25, the German newspaper Handelsblatt revealed a massive data leak from Tesla. What was supposed to make headlines in all serious media outlets has received only timid coverage so far. It seems most people failed to understand what Handelsblatt revealed. Still, the main point is that it affects Tesla customers and employees in all countries where the EV maker officially sells its vehicles – particularly the US. Just check Handelsblatt's database.
The German newspaper created a free search tool that allows customers to look for their cars' VINs and Tesla employees to verify their ID numbers at the company. I gave it a try with VINs from American auction websites, and a brief check revealed two totaled cars in the database with personal information from their previous owners. There are more than 2,500 Tesla VINs on the websites I found. If that affects written-off vehicles, it may be an even bigger issue for cars still on American roads.
When I say personal information, it can be anything: from these folks' names to payment information. Only Handelsblatt knows what it is, and it may tell you more about that if you contact its team by email and provide enough evidence that you are the owner – or former owner of totaled cars. What I strongly recommend is that you at least give it a look. It would be nice if Handelsblatt made an English version of the search tool, but Google Translate will help you if you are not familiar with German.
If you think about it, it could not be any different. The files go from 2015 until March 2022, which means any car produced by the company until that last date can be in the Tesla Files. They also contain information about more than 100,000 employees. Where do you think most of them live? Tesla now has factories in China and Germany, but that was not the case until 2019 – when Giga Shanghai started producing vehicles. Giga Grünheide’s premiere was in March 2022. What a coincidence, right?
As you can see, most Tesla employees were in the US until that point, and they are still a majority there. While the Chinese market should eventually beat the American one for Tesla – and any other carmaker in the world – that is yet to happen. So we have 100 gigabytes (GB) of information that was exposed, and a good chunk relates to the American market. Anyone with access to the company's project management system – called Jira – could check sensitive documents. Not by design, but by misuse: according to Atlassian – the company that created Jira – customers can "precisely control who can access what." In other words, Tesla's management allowed 23,398 files to be copied from the company's servers by someone who was not supposed to have access to them.
Thankfully, the whistleblowers who copied these files did not use them with bad intentions. They just looked for a media outlet with the necessary legal and technical backup to reveal how Tesla handled customer and employee data. They have contacted several American outlets to do that, but none of them dared to touch the documents. It took a German newspaper to get the job done, even with a majority of American cars and customers affected. The sad bit is that very few realized that so far. Those who do know about the problem may be dismissing it as Germany's or Europe's problem. It is broader than that.
More than the General Data Protection Regulation's (GDPR) hot potato, Handelsblatt discovered that Tesla received 2,400 complaints of sudden unintended acceleration (SUA) and 1,500 phantom braking cases. The BEV maker's only action to deal with them seems to be an internal presentation from May 2018 that the Tesla Files also revealed. The fault analysis presentation contained ten categories, and these issues were the most urgent ones, labeled as "Dangerous – direct risk to customer safety without warning."
We have two possibilities to explain this: either Tesla took the engineer's presentation seriously and failed to solve the issues they pointed out, or it just ignored them. Either way, that looks really bad. The company only took practical measures to deal with SUA incidents after Costas Lakafossis asked the National Highway Traffic Safety Administration (NHTSA) to recall all Tesla vehicles. The accident investigator blamed Autopilot's erratic behavior for inducing drivers to confuse the pedals. Ironically, that only happened after Chinese authorities started investigating the matter – and only in China.
There have been several (and absurd) attempts to downplay what the documents exposed. Some said 2,400 cases of sudden unintended acceleration in a universe of 3 million cars were nothing. It is like stating that having 695 mass shootings in the US is no big deal. After all, the country has 333 million people, of which 81 million souls possess 434 million weapons. Tesla advocates also said it was natural that the company would instruct its employees not to communicate with customers in writing, only verbally. The BEV maker's lack of transparency is notorious, but having people defend that is astonishing.
If you do not want to be in the same boat as those guys, you should keep an eye on what Handelsblatt still has to reveal. More than that, Tesla employees should look for their IDs, and customers should check their cars' VINs on the German newspaper's search tool. That is the best way to figure out how this story may also relate to you. On top of that, it will also bring your attention to another danger: arbitration rules. I'll talk about that in a future story that you should not miss.