Northern Rivers Resilient Homes Program (under NSW Reconstruction Authority)

A major data breach occurred in the Northern Rivers Resilient Homes Program, managed by the NSW Reconstruction Authority (RA), after a former contractor improperly uploaded sensitive data to ChatGPT between 12–15 March 2025. The exposed file contained over 12,000 records, including personal details (names, addresses, contact info) and health data, potentially affecting up to 3,000 individuals. While no evidence suggests third-party access, the breach triggered a forensic investigation by Cyber Security NSW and an independent review to assess delays in notification (spanning months). The RA has strengthened AI usage policies and is offering free identity support (ID Support NSW) and compensation for document replacement costs. The incident highlights risks of unauthorized AI platform use in handling sensitive government program data, with long-term reputational and operational consequences for the authority.

Source: https://dig.watch/updates/thousands-affected-by-ai-linked-data-breach-in-new-south-wales

TPRM report: https://www.rankiteo.com/company/nswreconauth

"id": "nsw2432924100625",
"linkid": "nswreconauth",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '3,000 (estimated)',
                        'industry': 'Public Sector / Disaster Recovery',
                        'location': 'New South Wales, Australia',
                        'name': 'Northern Rivers Resilient Homes Program',
                        'type': 'Government Program'}],
 'attack_vector': 'Human Error (Unauthorised AI Platform Usage)',
 'customer_advisories': 'Direct notification to affected individuals planned '
                        'within one week of disclosure.',
 'data_breach': {'data_exfiltration': 'Yes (Uploaded to ChatGPT)',
                 'number_of_records_exposed': '12,000+',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Contact Information'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Health Data']},
 'date_publicly_disclosed': '2025-10-06',
 'description': 'A major data breach affected the Northern Rivers Resilient '
                'Homes Program in New South Wales after a former contractor '
                'uploaded sensitive data to the AI platform ChatGPT. The '
                'leaked file contained over 12,000 records, including names, '
                'addresses, contact information, and health data, potentially '
                'impacting up to 3,000 individuals. While no evidence suggests '
                'third-party access, authorities launched a forensic '
                'investigation and are notifying affected individuals. '
                'Compensation and identity support services are being offered, '
                'and internal policies have been strengthened to prevent '
                'future incidents.',
 'impact': {'brand_reputation_impact': 'Moderate (Public Apology Issued, Trust '
                                       'Erosion Risk)',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Contact Information',
                                 'Health Data'],
            'identity_theft_risk': 'High (Sensitive Personal Data Exposed)',
            'legal_liabilities': 'Potential (Compensation for Identity '
                                 'Document Replacement)',
            'operational_impact': 'Forensic Investigation, Policy Review, '
                                  'Notification Efforts'},
 'investigation_status': 'Ongoing (Forensic Investigation and Independent '
                         'Review)',
 'motivation': 'Negligence / Lack of Awareness',
 'post_incident_analysis': {'corrective_actions': ['Strengthened Internal '
                                                   'Policies for AI Platform '
                                                   'Usage']},
 'references': [{'date_accessed': '2025-10-06',
                 'source': 'Diplo Foundation (via Chatbot)'}],
 'response': {'communication_strategy': ['Public Apology',
                                         'Media Disclosure',
                                         'Direct Notification to Victims'],
              'containment_measures': ['Policy Enforcement for AI Tools'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Notification of Affected Individuals',
                                    'ID Support Services (ID Support NSW)',
                                    'Compensation for Identity Document '
                                    'Replacement'],
              'remediation_measures': ['Forensic Investigation',
                                       'Independent Incident Review'],
              'third_party_assistance': ['Cyber Security NSW']},
 'stakeholder_advisories': 'ID Support NSW (Free Advice and Resources)',
 'threat_actor': 'Former Contractor (Non-Malicious)',
 'title': 'AI-linked data breach in Northern Rivers Resilient Homes Program, '
          'New South Wales',
 'type': ['Data Breach', 'Unauthorised Data Exposure'],
 'vulnerability_exploited': 'Lack of Policy Enforcement for AI Tool Usage'}