At a glance.
- Samsung employees leak company data on ChatGPT.
- Update on Queensland University of Technology attack.
Samsung employees leak company data on ChatGPT.
As governments across the globe consider banning ChatGPT due to concerns surrounding user data collection and storage without consent, there are reports that Samsung employees leaked confidential company info to the popular artificial intelligence-powered chatbot. Gizmodo reports that the employees allegedly shared sensitive Samsung data with ChatGPT on at least three separate occasions. In two cases, staffers copied source code from defective equipment into ChatGPT in order to ask for a fix. In a third separate case, an employee allegedly submitted notes for an entire meeting in order to ask the chatbot to produce meeting minutes. It would be one thing if ChatGPT deleted such prompts after use, but the chatbot stores and uses these inputs to train its AI models.
In fact, ChatGPT’s parent company OpenAI warns users against sharing confidential data because it is “not able to delete specific prompts.” Nonetheless, users often submit sensitive info, and the issue is not just limited to Samsung. Cybersecurity company Cyberhaven recently found that 3.1% of customers who used ChatGPT had at one point submitted confidential company data. After news of these leaks spread, Samsung has tried to prevent it from happening again by limiting employee prompts to ChatGPT to just 1024 bytes. Now the company is working on creating its own in-house AI. Amazon and Walmart have also reportedly warned employees against sharing sensitive information with ChatGPT, and other companies like Verizon and J.P. Morgan Chase have completely blocked employee-use of the chatbot.
Update on Queensland University of Technology attack.
The Queensland University of Technology (QUT) suffered a cyberattack back in December that exposed sensitive data of over 11,000 current and former staff and students, and now the school has stated it’s unsure if that data might have been sold on the dark web. Technology bloggers have reported that 10% of the stolen data were sold, but QUT Vice Chancellor Margaret Shiel says the university has no way of verifying if that’s true. "We don't have any evidence the information was used in any way," she said. Following guidance from security experts, the school refused to meet the attackers ransom demands, and while the school’s systems are back online, victims worry their data might be published and abused by cybercriminals.
A former QUT staff member of eighteen years, data scientist Smitha Mandre-Jackson has spent thousands of dollars to secure her household devices and private accounts after her data was potentially leaked in the breach. "Once your identity goes, it's very, very serious," she stated. Cybersecurity expert Professor Paul Haskell-Dowland agrees that the repercussions of the attack could play out for years. "If the data has been extracted from the organisation, you've effectively lost control of it," Haskell-Dowland stated. "So while you may be able to recover your systems and continue to conduct your business, the data that was potentially taken by the criminals, is likely being stored by them, and potentially could be reused in future campaigns.