Former NSW government contractor posted flood victim data to ChatGPT

A former NSW government contractor is under fire for breaching the privacy of thousands of flood victims after it posted their data to ChatGPT.

The NSW Reconstruction Authority (RA), the state agency responsible for mitigating damage from natural disasters, announced that it was aware that a “data breach” had occurred, impacting thousands of those who applied to the Northern Rivers Resilient Homes Program (RHP), which provides financial assistance to those looking to improve the flood resistance of their homes.

“The breach occurred when a former contractor of the RA uploaded data containing personal information to an unsecured AI tool which was not authorised by the department,” the NSW government said.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“There is no evidence that any information has been made public; however, Cyber Security NSW will continue to monitor the internet and the dark web to see if any of the information is accessible online.”

According to a NSW government release, the former contractor posted 10 columns and over 12,000 rows of data from a Microsoft Excel spreadsheet into ChatGPT.

Based on “early forensic analysis”, as many as 3,000 people may have been impacted, with data exposed to ChatGPT including names, addresses, email addresses, phone numbers, and personal and health data.

However, the NSW government said it is working with Cyber Security NSW to investigate what data was shared with the AI chatbot.

“Every row is being carefully reviewed to understand what information may have been compromised,” the NSW government said.

“This process has been complex and time-consuming, and we acknowledge that it has taken time to notify people. Our focus has been on ensuring we had the right information to contact every impacted person accurately and completely.”

VIEW ALL

The government has also notified the NSW Privacy Commissioner, internal processes and systems have been bolstered, and guidance on the use of AI platforms has been issued to staff.

Additionally, Cyber Security NSW and the RA are monitoring the dark web for any instances of data being published.

“Safeguards are now in place to prevent similar incidents in future,” the NSW government said.

Those impacted will be notified of the incident within a week to confirm what data was shared.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Former NSW government contractor posted flood victim data to ChatGPT

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

FOLLOW US ON