New South Wales Reconstruction Authority (RA)

The New South Wales Reconstruction Authority (RA) experienced a data breach involving the Northern Rivers Resilient Homes Program (RHP), where a former temporary employee improperly uploaded sensitive personal information of 2,031 individuals to an unauthorized AI tool. The exposed data included personally identifiable details linked to participants of the RHP, a program designed to assist flood-affected residents in rebuilding resilient homes. The breach was caused by internal human error, specifically the mishandling of data by an employee with temporary access. While the exact nature of the compromised data (e.g., financial records, addresses, or identification numbers) was not fully disclosed, the incident highlights vulnerabilities in employee data governance and third-party tool misuse. The RA confirmed the breach but did not specify whether the exposed data was further exploited or accessed by malicious actors. The incident underscores risks associated with insider threats and the need for stricter controls on data sharing, particularly with external platforms.

Source: https://www.teiss.co.uk/news/news-scroller/data-breach-exposes-personal-details-of-over-2000-linked-to-nsw-resilient-homes-program-16549

TPRM report: https://www.rankiteo.com/company/nswreconauth

"id": "nsw5232652101525",
"linkid": "nswreconauth",
"type": "Breach",
"date": "10/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '2,031 individuals (connected to '
                                              'Northern Rivers Resilient Homes '
                                              'Program)',
                        'industry': 'Public Administration / Disaster Recovery',
                        'location': 'New South Wales, Australia',
                        'name': 'New South Wales Reconstruction Authority (RA)',
                        'type': 'Government Authority'},
                       {'customers_affected': '2,031 individuals',
                        'industry': 'Disaster Recovery / Housing',
                        'location': 'Northern Rivers, New South Wales, '
                                    'Australia',
                        'name': 'Northern Rivers Resilient Homes Program (RHP)',
                        'type': 'Government Program'}],
 'attack_vector': 'Insider Threat (Unauthorized Data Upload by Former '
                  'Employee)',
 'data_breach': {'data_exfiltration': 'Yes (uploaded to unauthorized AI tool)',
                 'number_of_records_exposed': '2,031',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personal details)',
                 'type_of_data_compromised': ['Personal Information']},
 'description': 'The New South Wales Reconstruction Authority (RA) has '
                'confirmed that personal information belonging to 2,031 '
                'individuals connected to the Northern Rivers Resilient Homes '
                'Program (RHP) was compromised after a former temporary '
                'employee uploaded sensitive data to an unauthorized '
                'artificial intelligence tool.',
 'impact': {'brand_reputation_impact': 'Potential (due to exposure of '
                                       'sensitive personal data)',
            'data_compromised': ['Personal Information'],
            'identity_theft_risk': 'High (personal information exposed)'},
 'post_incident_analysis': {'root_causes': 'Unauthorized data upload by former '
                                           'temporary employee to an AI tool '
                                           '(likely lack of access controls or '
                                           'employee training).'},
 'threat_actor': 'Former Temporary Employee',
 'title': 'Data breach exposes personal details of over 2,000 linked to NSW '
          'Resilient Homes Program',
 'type': 'Data Breach'}