NSW Contractor Causes Data Breach by Uploading 3,000 Flood Victims’ Information to ChatGPT
Published
- Cybersecurity incident: The sensitive data of up to 3,000 flood victims in Australia was exposed online.
- What happened: A former contractor for the NSW government uploaded the information to the public AI platform, ChatGPT.
- Exposed data: The compromised information included a spreadsheet with email addresses, phone numbers, and other personal and health information.
The New South Wales (NSW) government is managing a significant cybersecurity incident after a former contractor uploaded sensitive data to ChatGPT. The information belonged to as many as 3,000 applicants of the Northern Rivers Resilient Homes Program (RHP).
Government Response and Investigation
The shared data was contained in a Microsoft Excel spreadsheet with 10 columns and more than 12,000 rows of details, according to local news outlets. The NSW Reconstruction Authority has issued a formal apology for the incident, acknowledging the distress it may cause.
“All of it must be thoroughly reviewed to understand what may have been compromised,” the department said. An investigation led by Cyber Security NSW is underway to determine the full scope of the breach and assess the associated risks
The upload, which occurred in March, exposed personal details of individuals impacted by the 2022 floods, including:
- email addresses,
- phone numbers,
- other personal and health information.
While the Australian authority has stated there is currently no evidence that the information has been made public or accessed by a third party, it cannot be ruled out. The government is monitoring the internet and the dark web for any signs of the data.
Affected individuals are being contacted and offered support, including compensation for replacing any compromised identity documents.
Highlighting ChatGPT Privacy Risks
This data breach serves as a critical example of ChatGPT privacy risks and the dangers of using non-sanctioned AI platforms for handling sensitive information. Uploading data to public large language models can result in that data being used for training purposes and potentially becoming accessible beyond its intended scope.
In response, the NSW Reconstruction Authority has strengthened its internal systems and issued clear guidance to staff to prevent future incidents. The NSW Privacy Commissioner has been notified, and an independent review of how the breach was managed has been initiated.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular