News.com.au have published an article entitled "Thousands exposed after ChatGPT sparks data breach concerns at NSW government agency".
The New South Wales Reconstruction Authority suffered a data breach when a third-party contractor engaged by the authority uploaded an uncontrolled spreadsheet containing personal details of thousands of flood victims into ChatGPT. Although, at this stage, the data has not being exposed, the act of uploading the data to an uncontrolled, third-party service where there is a risk of data exposure, and that exposure would cause serious harm, this is now regarded as a Notifiable Data Breach.
This event again demonstrates the possibility of data breaches happening without hackers, without any error by data owners, and highlights the need for data privacy training by all personnel handling private and confidential data.
Clearstone Governance has a course named Protecting you Data to help.
The link is Thousands exposed after ChatGPT sparks data breach concerns at NSW government agency