By Riham Alkousaa and Toby Sterling
BERLIN/AMSTERDAM (Reuters) – The data protection watchdog for the Netherlands said on Friday it was aware of possible Tesla data protection breaches, but it was too early to say whether it would start an investigation.
Germany’s Handelsblatt reported on Thursday that Elon Musk’s Tesla had allegedly failed to adequately protect data from customers, employees and business partners, citing 100 gigabytes of confidential data leaked by a whistleblower.
“We are aware of the Handelsblatt story and we are looking into it,” said a spokesperson for the AP data watchdog in the Netherlands, where Tesla’s European headquarters is located.
Handelsblatt said Tesla notified the Dutch authorities about the breach, but the AP spokesperson said they were not aware if the company had made any representations to the agency.
Tesla was not immediately available for comment on Friday on the Handelsblatt report, which said customer data could be found “in abundance” in a data set labelled “Tesla Files”.
The data protection office in the German state of Brandenburg, which is home to Tesla’s European gigafactory, described the data leak as “massive”.
“I can’t remember such a scale,” Brandenburg data protection officer Dagmar Hartge said, adding that the case had been handed to the Dutch authorities who would be responsible if the allegations led to an enforcement action.
The Dutch authorities has several weeks to decide whether to deal with the case as part of a European procedure, she added.
The files include tables containing more than 100,000 names of former and current employees, including the social security number of Tesla CEO Musk, along with private email addresses, phone numbers, salaries of employees, bank details of customers and secret details from production, Handelsblatt reported.
The breach would violate the GDPR, it said.
If such a violation was proved, Tesla could be fined up to 4% of its annual sales, which could be 3.26 billion euros.
German union IG Metall said the revelations were “disturbing” and called on Tesla to inform employees about all data protection violations and promote a culture in which staff could raise problems and grievances openly and without fear.
“These revelations … fit with the picture that we have gained in just under two years,” said Dirk Schulze, IG Metall incoming district manager for Berlin, Brandenburg and Saxony.
Handelsblatt quoted a lawyer for Tesla as saying a “disgruntled former employee” had abused their access as a service technician, adding that the company would take legal action against the individual it suspected of the leak.
Citing the leaked files, the newspaper reported about thousands of customer complaints regarding the carmaker’s driver assistance systems with around 4,000 complaints on sudden acceleration or phantom braking.
Last month, a Reuters report showed that groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras between 2019 and 2022.
This week, Facebook parent Meta was hit with a record 1.2 billion euro ($1.3 billion) fine by its lead European Union privacy regulator over its handling of user information and given five months to stop transferring user data to the U.S.
(Reporting by Riham Alkousaa and Christina Amann in Berlin, Toby Sterling in Amsterdam and Hyun Joo Jin in San Francisco; Editing by Susan Fenton, David Gregorio and Alexander Smith)