At a glance.
- Update on the Tesla data breach.
- Christie’s bug paints clear picture of sellers’ location data.
Update on the Tesla data breach.
New details were revealed last week about American car maker Tesla’s May data breach. It affected over 75,000 individuals. Steven Elentukh, the company’s data privacy officer, issued a notice last week to the office of the Maine Attorney General stating that two former Tesla employees were responsible for the breach, having stolen company data and shared it with German news outlet Handelsblatt. Quartz reports that Tesla is suing the two ex-staffers, and the devices allegedly containing the stolen data have been seized. The stolen documents included private employee data as well as thousands of customer complaints regarding potentially dangerous issues experienced in Tesla cars. It’s worth noting that this is not the first time Tesla has sued an employee for exfiltrating company data. In 2018, Tesla alleged that a former process technician stole confidential and trade secret information and shared it with third parties.
Christie’s bug paints clear picture of sellers’ location data.
Two German cybersecurity researchers say a flaw in the networks of British auction house Christie’s has been exposing the location data of potential clients and their valuable works of art, the Washington Post reports. Martin Tschirsich and André Zilch found that when would-be art sellers from around the world uploaded images of their masterpieces to Christie’s website for appraisal, they were also inadvertently leaking their location data and making it accessible to anyone online. “Around 10 percent of the uploaded images contain exact GPS coordinates,” the researchers stated. In July the US Cybersecurity and Infrastructure Security Agency issued a joint statement with the National Security Agency and the Australian Cyber Security Center addressing these types of security issues. “[These vulnerabilities] have resulted in the compromise of personal, financial, and health information of millions of users and consumers,” the statement explained. Although the researchers informed Christie’s about the vulnerability over two months ago, they say the auction house only implemented a remedy within the last week after being contacted by The Post. Tschirsich stated, “It was only Tuesday when Christie’s appears to have implemented technical measures to close the vulnerability.” When first contacted, a Christie’s executive rejected the researcher’s offer of help, stating, “Thank you, but we do not require any advice or assistance.“ While Christie’s has not publicly confirmed the researchers’ findings, the auction house issued the following statement: “We continuously assess our security safeguards, thoroughly address issues relating to the security of our clients’ information, and comply with our legal and regulatory obligations.”