Tesla and Duolingo have data problems

Tesla is the big data security story these past couple of weeks.  In the wake of Twitter’s recent rebranding to “X,” now another Elon Musk firm is in the news for an entirely different reason.  Two former Tesla employees are accused of sharing the personal information of over 75,000 people with German newspaper Handelsblatt.

Despite the outlet’s assurance that the data would not be published (and one has to imagine a serious regulatory violation if they break their word), it constitutes a data breach all the same.  Thanks to this insider culprit, names, contact information, and Social Security numbers of current and former Tesla employees were compromised (apparently Elon Musk’s too).  Even specific customer complaints about their purchases were included.  In total, 100 GB of personal information, consisting of 23,000 files from between 2015 and 2022, was shared.

It is a bit unusual for a news organization to report on a breach in which it was itself the recipient of the compromised data, but I guess that’s where we are in the trials and tribulations of data security.  Tesla filed lawsuits against the two employees and obtained their electronic devices.  Any further use or dissemination of sensitive information will result in criminal penalties for the pair, per a court order.

In less insidery news, Duolingo saw the scraped data of 2.6 million of its users exposed online in January, and now the cache is for sale in the cybercrime marketplace.  Aside from the usual contact info, some of the most useful data for future bad actors could be information about users’ social networks.  An oversight that left the company’s application programming interface (API) publicly vulnerable, an interface intended to allow users to share their activities with friends and find new potential friends, now opens the door to doxxing or further phishing schemes against unsuspecting recipients.  “We take data privacy and security seriously and are continuing to investigate this matter to determine if any further action is needed to protect our learners,” said a Duolingo spokesperson.

No matter how much an organization tries to educate its employees on proper cyber security hygiene—for instance, not to share highly sensitive data with major media sources—there is no escaping human error.  When that happens, mitigating the damage must take priority, to both the organization and anyone outside who was affected.  NetLib Security’s Encryptionizer is a powerful transparent data encryption solution that effortlessly protects stored data across all environments, whether cloud, virtual or physical.  Keep your data encrypted against, and without, compromise, and request a free evaluation here.


By: Jonathan Weicher, post on August 29, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security