Two recent insider incidents: Tesla and Jefferson Health affected

It's time for another roundup of recent information security incidents. Today we're going to reveal details of the Tesla insider incident and the alleged patient data compromise at Jefferson Health.

Tesla, the famous electric car manufacturer, has claimed that insiders are in charge of leaking the personal data of 75,000 employees and customers.

The data leak came to light in May 2023, when a major publication announced the exposure of the company’s employee and customer data, which included:

  • Names
  • Addresses
  • Phone numbers
  • Social Security numbers
  • Customer complaints about Tesla’s Full Self-Driving (FSD) features
  • Production secrets.

The leak allegedly even revealed Tesla owner Elon Musk's social security number. 
A Tesla spokesman said that after an investigation of the incident, the possible reasons for leaking confidential information to the media have been clarified. Allegedly, two former employees misappropriated clients and employees’ personal information and violated the company's information security policies, and then passed the stolen data to the aforementioned publication.

Tesla representatives now say they have filed a lawsuit against the two allegedly guilty employees and have already obtained court orders prohibiting the former employees from further use, access or disclosure of the data.

This is not the first incident of malicious insider activity at Tesla, we previously reported on the Tesla factory sabotage.

Jefferson Health patients have been notified of a possible leak of personal information.

The alleged incident took place at one of the hospitals belonging to Jefferson Health, the Cherry Hill Hospital. The reason was the disappearance of a backup hard drive from a DEXA scan machine, which is used to measure bone density. It is not known if the device was stolen or lost. The loss was discovered in mid-June during routine maintenance of the scanning machine.

The backup drive contained the following patients' information:

  • Names 
  • Birthdates
  • Medical record numbers
  • Medical health information
  • Mailing addresses (allegedly).

In the official statement, Jefferson Health representatives said other sensitive information, including social security numbers, phone numbers, driver's licence numbers and patient X-rays, cannot be easily viewed without the right software and login credentials.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.