CADChain
Blog

Tesla Accused an Engineer of Stealing About 26,000 Sensitive Files Via Dropbox: How Could This Have Been Avoided?

About a year ago, Tesla, the American electric car behemoth, claimed that it suffered the biggest data leak in its’ history. A senior software quality assurance engineer that they hired in late 2020 reportedly stole 26 000 confidential documents, including trade secrets. And to do so he has simply downloaded all the data on his personal Dropbox.  

Tesla lawyers said: “Within three days of being hired by Tesla, defendant brazenly stole thousands of trade secret computer scripts that took the company years to develop”. Due to this leak the engineer, who Tesla believes to be a “willful and malicious thief” gained access to scripts that the company uses to automate some business tasks, like ordering parts and delivering vehicles. Tesla officials say that only about 40 of the company’s 50 000 engineers can access those files. 

It took the company 12 years to develop the scripts, and the data loss will inform competitors of which systems Tesla views as important and valuable to automate. By being able to reverse-engineer it other companies will get a roadmap to copy Tesla’s innovation.  

The accused engineer believes that the whole situation is a result of a fatal misunderstanding and claims that he has downloaded the files “unintentionally”. While working remotely he downloaded some of the files that he needed for his job but then somehow added 26 000 more files to his personal Dropbox. The engineer says that he didn’t share any files with anyone and deleted everything on his account the moment when he had been told to.

This is not the first time when Tesla’s former employees or rival companies end up in court. In March 2019, the company sued people who used to work there for stealing confidential information. In March 2020 Tesla sued a competitor, Rivian, saying that its employees also stole trade secrets. A similar case happened to Tesla’s former process technician, who now owes $400 000 to it for divulging trade secrets. 

But let the court decide how to settle those lawsuits. It is better to concentrate on ways of protecting data no matter what.

What are the ways to protect your data even if it leaked?


CADChain introduces BORIS, the universal solution for timestamping and digitally fingerprinting CAD files. The solution utilizes the idea of blockchain, a distributed database that maintains a tamper-proof list of records. 


Step one is identity verification to assure the identity of entities and individuals you are sharing data with, guaranteeing that anyone reviewing your file has been verified, even if that person is an external collaborator.

Step two is encryption, security and tracking. From within the CAD software the files can be protected by state-of-the-art encryption and tracked when shared through our plugin. 

Blockchain makes it possible to timestamp all files entering it, thus allowing you to know who (and when) created, uploaded, downloaded, or accessed the file. 

This is extremely important because the solution makes you “the first in right” to intellectual property (IP), by proving that you were the first to register an intellectual asset.

In this situation around the former Tesla engineer, this would help determine the files as the company’s IP, possibly serving as a deterrent, making people think about whether they really want to risk downloading anything that could easily be traced back to the owner. 

BORIS digitally signs your models by linking your ID to them, securing this information on blockchain. This means, that even if your files are leaked, you can always prove ownership over them, as only you possess the unique master key to your ID. 

Step three is a legal failsafe. The legal component of BORIS ensures an enforcable contract for every shared file and will protect you even against malicious users. This feature utilizes smart legal contracts to further improve the safety of your files. The contracts work on the “if…then…” pieces of code integrated into blockchain, only executing actions when certain conditions are met.