A significant data breach has occurred involving the personal information of up to 3,000 applicants to the Northern Rivers Resilient Homes Program in NSW, after a former contractor uploaded the data to ChatGPT between March 12 and 15, 2025.

The compromised data potentially includes names, addresses, email addresses, phone numbers, and other personal details, affecting over 3,000 individuals involved in flood recovery efforts.

In total, over 12,000 rows of sensitive data from the program have been exposed, raising serious concerns about privacy and security.

The NSW Reconstruction Authority, led by NSW Police Commissioner Mal Lanyon until September 30, has responded by strengthening internal security measures, issuing staff guidance on AI platform use, and notifying NSW’s Privacy Commissioner.

The breach was discovered during a complex review process, and affected individuals will be notified within a week; authorities are monitoring online sources and the dark web for signs of data access or sharing.

Steps are being taken to understand what information was shared, assess the risks, and contain the breach, with ongoing investigations to clarify the impact.

Authorities are investigating the breach, with Cyber Security NSW conducting a forensic analysis to determine the scope and risks, although there is no current evidence that the data has been accessed publicly or by third parties.

Affected individuals are advised to contact the Resilient Homes Program call centre or ID Support NSW for updates, support, and potential compensation for expenses related to identity document replacement.

NSW Minister for Recovery Janelle Saffin apologized for the incident, emphasizing that the situation is being handled carefully with ongoing updates and support for those affected.

The Northern Rivers Resilient Homes Program, initiated in late 2022 to aid flood-affected residents, has now faced scrutiny due to concerns over the confidentiality of community recovery efforts.

Residents, such as Harper Dalton-Earls, expressed concern over the amount of sensitive information provided during the application process and the potential for breach.

This incident follows a previous major data breach involving the NSW Department of Communities and Justice in March, highlighting ongoing issues with data security in government agencies.

The data was uploaded to ChatGPT by a former contractor, raising questions about privacy and the security protocols surrounding AI platforms used by government contractors.