The New South Wales Reconstruction Authority (RA) experienced a data breach involving the Northern Rivers Resilient Homes Program (RHP), where a former temporary employee improperly uploaded sensitive personal information of 2,031 individuals to an unauthorized AI tool. The exposed data included personally identifiable details linked to participants of the RHP, a program designed to assist flood-affected residents in rebuilding resilient homes. The breach was caused by internal human error, specifically the mishandling of data by an employee with temporary access. While the exact nature of the compromised data (e.g., financial records, addresses, or identification numbers) was not fully disclosed, the incident highlights vulnerabilities in employee data governance and third-party tool misuse. The RA confirmed the breach but did not specify whether the exposed data was further exploited or accessed by malicious actors. The incident underscores risks associated with insider threats and the need for stricter controls on data sharing, particularly with external platforms.

A major data breach occurred in the Northern Rivers Resilient Homes Program, managed by the NSW Reconstruction Authority (RA), after a former contractor improperly uploaded sensitive data to ChatGPT between 12–15 March 2025. The exposed file contained over 12,000 records, including personal details (names, addresses, contact info) and health data, potentially affecting up to 3,000 individuals. While no evidence suggests third-party access, the breach triggered a forensic investigation by Cyber Security NSW and an independent review to assess delays in notification (spanning months). The RA has strengthened AI usage policies and is offering free identity support (ID Support NSW) and compensation for document replacement costs. The incident highlights risks of unauthorized AI platform use in handling sensitive government program data, with long-term reputational and operational consequences for the authority.

A major data breach at the NSW Reconstruction Authority (RA) exposed the private information of up to 3,000 northern NSW residents affected by the 2022 floods. The breach occurred in March 2024 when a former contractor uploaded a spreadsheet containing over 12,000 rows of data from the Northern Rivers Resilient Homes Program to ChatGPT. The leaked data included names, addresses, email addresses, phone numbers, and sensitive personal and health information of program applicants—individuals seeking home buybacks or flood-resilience upgrades.While there is no confirmed public exposure of the data, the RA acknowledged the risk could not be ruled out. The authority delayed notifications due to the complexity of identifying all affected individuals and verifying the scope of the breach. Investigations involved Cyber Security NSW and forensic analysts, with the NSW Minister for Recovery expressing regret over the incident. The RA began contacting impacted residents in the week following the disclosure, offering support but facing criticism for the delayed response and potential reputational harm to the affected community.