Cyber Security NSW is investigating a data breach involving the personal information of Northern Rivers Resilient Homes Program applicants.

The state Reconstruction Authority says between March 12 and 15 a former contractor uploaded the information to ChatGPT, which was not authorised by the department.

“Since learning about the extent of this breach, we have engaged forensic analysts and are working closely with Cyber Security NSW to undertake an investigation to understand the scope and the risks arising from it,” it said. 

The probe is expected to be completed in coming days, giving a clearer understanding of the breach’s extent and specific data, which was in a spreadsheet containing 10 columns and more than 12,000 rows of information. 

Every row is being reviewed to assess what information may have been compromised, with early analysis indicating up to 3000 people may be affected by disclosures including names and addresses, email addresses, phone numbers and some personal and health information. 

“Continuous monitoring of the dark web and broader internet is ongoing and, to date, there is no evidence that any uploaded data has been accessed or distributed by a third party,” the Reconstruction Authority said.

People will be contacted this week with updates on what happened and whether they have been affected. 

“We understand this news is concerning and we are deeply sorry for the distress it may cause for those who have engaged with the program,” the authority said. 

The NSW Privacy Commissioner has been notified, and the authority says it has strengthened internal systems and processes, issued clear guidance to staff on the use of unauthorised AI platforms such as ChatGPT, and placed safeguards to prevent similar incidents.