A former contractor for the NSW Reconstruction Authority uploaded personal information of up to 3,000 flood victims from the Northern Rivers Resilient Homes Program to ChatGPT without authorization, creating a data breach involving names, addresses, phone numbers, and health information.
Between March 12-15, 2025, a former contractor of the NSW Reconstruction Authority uploaded personal information from the Northern Rivers Resilient Homes Program to ChatGPT, an unauthorized AI platform. The data consisted of a Microsoft Excel spreadsheet containing 10 columns and over 12,000 rows of information. Up to 3,000 people may have been affected by this breach. The compromised information included names and addresses, email addresses, phone numbers, and some personal and health information. The breach was discovered during an internal review, prompting immediate containment measures including forensic analysis and collaboration with Cyber Security NSW. There is no evidence that the uploaded data has been accessed by third parties or made public. The NSW Privacy Commissioner was notified, and the authority has implemented new safeguards to prevent unauthorized uploads to AI platforms. The Northern Rivers Resilient Homes Program assists people affected by the devastating 2022 floods that killed 13 people and destroyed over 4,000 properties in the region.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
AI systems that memorize and leak sensitive personal data or infer private information about individuals without their consent. Unexpected or unauthorized sharing of data and information can compromise user expectation of privacy, assist identity theft, or cause loss of confidential intellectual property.
Human
Due to a decision or action made by humans
Unintentional
Due to an unexpected outcome from pursuing a goal
Post-deployment
Occurring after the AI model has been trained and deployed