Tesla data breach - New insights from Christie's bug.

author: FutureCar Staff    

New details have emerged about the Tesla data breach that occurred in May, affecting more than 75,000 individuals. According to Steven Elentukh, Tesla's data privacy officer, the breach was carried out by two former employees who stole company data and shared it with German news outlet Handelsblatt. Tesla is currently suing the ex-staffers, and the devices containing the stolen data have been seized. The stolen documents included private employee data and customer complaints about potential safety issues with Tesla cars. This is not the first time Tesla has dealt with an employee exfiltrating company data, as a similar incident occurred in 2018.

Meanwhile, British auction house Christie's has been facing a security flaw that exposed the location data of potential clients and their valuable artworks. German cybersecurity researchers Martin Tschirsich and André Zilch discovered that when art sellers uploaded images of their masterpieces to Christie's website for appraisal, they inadvertently leaked their GPS coordinates, making them accessible to anyone online. Around 10 percent of the uploaded images contained exact GPS coordinates. The US Cybersecurity and Infrastructure Security Agency, along with the National Security Agency and the Australian Cyber Security Center, have previously addressed such vulnerabilities, which have compromised personal, financial, and health information of millions of users.

Despite informing Christie's about the vulnerability two months ago, the auction house only implemented a remedy recently after being contacted by The Washington Post. Initially, Christie's rejected the researchers' offer of help, stating that they did not require any assistance. While Christie's has not publicly confirmed the researchers' findings, they have emphasized their commitment to assessing security safeguards, addressing information security issues, and complying with legal and regulatory obligations.

FutureCar Staff