NSW Government Contractor Exposes Flood Victims’ Data to ChatGPT through Excel Upload

Vanessa May on October 7, 2025


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

NSW Government Contractor Exposes Flood Victims' Data to ChatGPT through Excel Upload



NSW Data Breach Incident Involving ChatGPT

Summary Overview

  • A contractor from the NSW Reconstruction Authority uploaded confidential data to ChatGPT.
  • The incident impacted nearly 3000 individuals participating in the Northern Rivers Resilient Homes Program.
  • The exposed data comprised names, addresses, email addresses, phone numbers, and certain health records.
  • Efforts are ongoing to investigate the breach and inform those affected.
  • Steps have been taken to avert similar occurrences in the future.

Context of the Breach

NSW Government Contractor Exposes Flood Victims' Data to ChatGPT through Excel Upload


The NSW Reconstruction Authority, which aims to support those affected by the 2022 floods, experienced a data breach when a contractor uploaded confidential information to ChatGPT. This event revealed personal data of around 3000 participants in the Northern Rivers Resilient Homes Program.

Specifics of the Breach

In March, a contractor uploaded an Excel document containing over 12,000 lines of data to ChatGPT. The breach went unnoticed initially and was made public several months later. Analysts from Cyber Security NSW are now examining the data to determine the scope of the breach.

Consequences for the Resilient Homes Program

The individuals affected were applicants to a program designed to assist those in flood-affected regions by either repurchasing homes, aiding in rebuilding expenses, or enhancing structural resilience. The breach included personal identification and health data, raising alarms regarding privacy and data integrity.

Actions Taken and Preventative Steps

The NSW Reconstruction Authority has undertaken measures to strengthen data security by reevaluating internal protocols and providing directives against the use of unauthorized AI platforms. They claim there is no proof of third-party access to the data, although oversight remains a complicated issue.

Conclusion

The data breach involving the NSW Reconstruction Authority underscores the dangers linked to utilizing public AI services like ChatGPT for managing sensitive information. The occurrence has initiated a reassessment of cybersecurity protocols to avert future breaches.

Q: What primarily caused this data breach?

A: The breach happened when a contractor submitted sensitive data to ChatGPT without authorization.

Q: How many individuals did this breach impact?

A: Up to 3000 individuals associated with the Northern Rivers Resilient Homes Program were impacted.

Q: What specific data was compromised?

A: The compromised information included names, addresses, email addresses, phone numbers, and certain personal and health details.

Q: What measures have been taken to prevent future breaches?

A: The authority has enhanced its internal systems, reviewed procedures, and issued guidelines to prevent the use of unauthorized AI platforms.

Q: Is there any indication that third parties accessed the data?

A: There is no indication of third-party access, yet monitoring public AI tools is inherently difficult.

Q: How is the NSW Reconstruction Authority managing communication with affected individuals?

A: They are carrying out a thorough analysis to ensure precise and complete notifications to all affected parties.

Leave a Reply

Your email address will not be published. Required fields are marked *