The personal data of up to 3000 flood victims in NSW has been exposed after it was uploaded to ChatGPT.
This morning, the NSW Reconstruction Authority (RA) announced that personal data, such as names, addresses, phone numbers, and other personal and health information, was uploaded to a platform by a former RA contractor.
The victims of the breach applied for the Northern Rivers Resilient Homes Program in the aftermath of the 2022 floods in northern NSW.
While the RA claims there is no evidence of data exposure to the public, it acknowledges that confirming this will take some time, given that the data was in a Microsoft Excel spreadsheet with 12,000 rows.
The RA stated, “The breach happened when a former contractor uploaded personal data to an unsecured AI tool that was not authorized by the department.”
“The process is highly complex and time consuming and we acknowledge that it has taken time to notify people.”
The RA anticipates that a forensic examination of the issue will be finalized shortly, which will provide clarity on the breach’s extent and the specific data potentially compromised.
They also say there is currently no evidence that any of the uploaded data has been accessed by a third party.
The RA expressed, “We recognize this news is troubling, and we sincerely apologize for any distress it may cause to those involved with the program.”
“We know people will want to know exactly what has been shared and we are doing all we can to get that information to them as soon as possible.”
