Story image

Tesla takes ex-employee to court for hacking and sharing confidential info

22 Jun 18

Tesla has taken a former employee to court for allegedly hacking company data and handing it over to third parties.

According to court documents filed with the US District Court (District of Nevada) this week, Martin Tripp was hired as a process technician at Tesla’s Nevada Gigafactory in October 2017.

He had access to some of Tesla’s highly sensitive information, including the manufacturing process for battery module manufacturing. He was also required not to disclose or use Tesla’s information beyond his role with tesla.

However, he believed his role as process technician was not enough of a senior role for him. Managers also reported poor job performance and disruption and Tripp was reassigned to another role on May 17, 2018.

Tesla alleges that Tripp took wilful and reckless actions against the company by stealing confidential and trade secret information, and sharing that information with third parties. He also allegedly made false statements to harm the company.

Between June 14-15 Tesla investigators interviewed Tripp. While initially denying misconduct, he then admitted to writing software that hacked Tesla.

“Tesla has only begun to understand the full scope of Tripp’s illegal activity, but he has thus far admitted to writing software that hacked Tesla’s manufacturing operating system (“MOS”) and to transferring several gigabytes of Tesla data to outside entities. This includes dozens of confidential photographs and a video of Tesla’s manufacturing systems,” the court documents say.

Tripp also wrote code that would export data from Tesla’s network to third parties by loading the ‘hacking software’ onto other employees’ computers. The software would continue to export, even after he left the company and falsely implicating the other computer users.

According to the documents, Tripp is accused of:

  • Writing software to hack Tesla’s MOS
  • Divulging confidential and proprietary information in violation of his Proprietary Information Agreement and duties to Tesla
  • Providing third parties with unauthorized access to proprietary information contained in Tesla’s electronic devices and systems
  • Taking and sharing with third parties dozens of photographs of Tesla’s manufacturing systems
  • Taking and sharing with third parties a video of Tesla’s manufacturing systems
  • Falsely modifying Tesla’s proprietary information before sending it to third parties
  • Making false claims to third parties about the information that he wrongly took.

He also tried to recruit other people inside the Gigafactory in order to distribute the confidential information.

Tesla also alleges that Tripp made false statements to the media about the stolen information.

“For example, Tripp claimed that punctured battery cells had been used in certain Model 3 vehicles even though no punctured cells were ever used in vehicles, batteries or otherwise. Tripp also vastly exaggerated the true amount and value of “scrap” material that Tesla generated during the manufacturing process, and falsely claimed that Tesla was delayed in bringing new manufacturing equipment online,” the court documents state.

Tesla says it has already suffered ‘significant and continuing damages’ as a result of Tripp’s misconduct.

“Tesla derives independent economic value from the fact that its confidential, proprietary, and trade secret information is not generally known to the public and not readily ascertainable through proper means. Tesla has taken, and continues to take, reasonable measures to keep that information secret and confidential,” the court documents state.

Tesla is seeking a jury trial with the intent of receiving injunctive relief, compensatory damages (yet to be determined), punitive and exemplary damages, prejudgment interest, legal fees and expenses, and other forms of ‘relief’.

Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Is mobile shopping compromising your enterprise security?
When employees do their holiday shopping on company resources, security teams have a challenge with the surge in browsing and online transactions.
Different approach to malware detection needed – VMware
Security needs to move away from the traditional approach of chasing after arbitrary forms of malware.
Modernising ERP systems can help organisations comply with GDPR
“Organisations need to look for modern ERP systems that are specifically designed with GDPR in mind."
Cyber attacks develop complexity, target Windows sysad tools - report
The report explores changes in the threat landscape over the past year, uncovering trends and how they are expected to impact cybersecurity in 2019.
DanaBot banking Trojan: How to protect your organisation
DanaBot is a Trojan written in the Delphi programming language that includes banking site web injections and stealer functions.
Ping Identity announces new Identity-as-a-Service solution
PingOne for Customers is built for the developer community and provides API-based identity services for customer-facing applications.