I don't see how it isn't a firable offense given that it violates the confidentiality agreement that lists termination as a possible consequence of violation.
So it seems to me that what Oritz did must qualify as protected activity...
First of all, the system wasn’t treated as confidential information, and workers weren’t told that use of the system was restricted. Second, the data they extracted were simply names and photos. Third, they posted them to a FB group comprising Tesla employees. If you read the judgment, indeed, all of these actions are considered protected activity.
If you read the policy they had people sign (it is included in the official opinion linked in other comments) it would seem to be expressly included under that policy.
So it seems to me that what Oritz did must qualify as protected activity...