back to article Lawsuit claims Tesla corp data security is far less advanced than its cars

An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged leakers, two former employees. Benson Pai, who was a production associate on Tesla's California campus, working on the construction and assembly of the …

  1. aerogems Silver badge
    FAIL

    Seems Reasonable

    I mean, if two employees can walk off with that much data, that right there is a sign of a massive problem. And if I remember my training on PII from past jobs, the law generally puts the onus on the employer to maintain this information securely and they are automatically assumed to be at fault for breaches unless they can show miscreants used some hereto unknown 0-day exploit or something that couldn't reasonably be foreseen.

    So, hopefully the pitched sueball ends up hitting the batter, because it sounds like it's deserved.

  2. Anonymous Coward
    Anonymous Coward

    Genuine Question

    I live in England so I am not sure I understand what these S.S.N's are. But they seem to be an important means of I.D.

    In that case, could the victims just be issued with new numbers?

    1. Woodnag

      Re: Genuine Question

      It's like your NI number, innit.

      No.

      1. Mr Dogshit

        Re: Genuine Question

        It is equivalent to our National Insurance number. The problem is that countless organisations use it as a GUID.

    2. aerogems Silver badge

      Re: Genuine Question

      A social security number, as the article points out, is kind of a universal ID number assigned to every citizen at birth, or when they're granted citizenship in terms of immigrants. It was never really intended to be used that way, but since when has that ever stopped us (happy coincidence)? If you want to buy a car, get a loan for a house, get a credit card, or a number of other things, you provide that number as a means of proving your citizenship and thus eligibility. Technically it's just meant for when you reach retirement age in the US you get a small pittance from the govt. Not really enough to live off of anymore, but a pittance.

      I assume in the UK you have some kind of unique ID for tax purposes, so it'd be like that.

      People can be given new numbers, but since it's generally so intertwined with so many other systems it's not as easy as it may seem. You have to change hundreds, maybe thousands, of individual records across hundreds, maybe thousands, of databases which are not necessarily connected in any way. And if the social security administration just sent out some kind of missive saying this is the new number for Joe Blow, you can bet ne'er do-wells all over would be looking to intercept those.

      1. Bebu Silver badge
        Windows

        Re: Genuine Question

        In AU we probably avoided this type of american general fuckedness when we said NO to the "Australia Card" back in the '80s (I think.) Its also illegal for your AU tax office (ATO) tax file number (TFN) to be used (recorded) in this manner.

        Drivers licence numbers have been/are used in this manner which unfortunately in AU states where that number cannot be changed (WA) the same grief follows any of the many data breaches AU has endured. AU organisations implement "world best practice" in the crappiness of their data protection. (Transl. World = US, Best = superlat. Worse)

    3. Blazde Silver badge
      Meh

      Re: Genuine Question

      Didn't Equifax already leak every financially relevant SSN in existence as of 2017? So realistically for those over 24 these lawsuits are a bit flaky.

      Also might be an idea to start backfilling this particular 'security fraud goldmine'

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like