Statement relating to the NSW Reconstruction Authority data breach

 

The Privacy Commissioner is aware of recent media reports regarding a data breach affecting the NSW Reconstruction Authority. 

The NSW Reconstruction Authority has advised the Commissioner and the Commissioner is engaged with them about the incident. 

The NSW Mandatory Notification of Data Breach (MNDB) Scheme requires reporting obligations for NSW public sector agencies. This includes informing the Privacy Commissioner as well as taking steps to notify affected individuals as soon as practicable if a data breach is likely to result in serious harm to individuals whose personal information is involved.

The IPC does not comment on the details of individual matters. Investigations of incidents are undertaken independently by the agency involved with reporting obligations required under the MNDB Scheme.

Privacy Commissioner Sonia Minutillo said, ‘This incident highlights the serious consequences and human impact of uploading government data and personal and sensitive information into public platforms like ChatGPT. 

‘This information must never be entered into public platforms and agencies have a responsibility to ensure their staff, including contractors follow all applicable guidelines for the safe and responsible use of artificial intelligence platforms.’ 

Reports about this incident may be understandably distressing to those who may be affected. If a data breach causes distress, there are support and resources available. Anyone concerned for their safety should contact NSW Police.

 

ENDS

 

For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner.  Its vision is that privacy and access to government information are valued and protected in NSW. The Information Commissioner is the chief executive of the Commission. 

About the NSW Privacy Commissioner

Ms Sonia Minutillo was appointed as the Privacy Commissioner in March 2025. As Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.

The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

For further information about the IPC visit our website at www.ipc.nsw.gov.au 

IPC Media Statement - NSW Reconstruction Authority - 10 October 2025
Aboriginal and Torres Strait Islander Flags
We acknowledge Aboriginal and Torres Strait Islander peoples as custodians of Australia and pay our respects to Elders, past and present. We also acknowledge the ongoing connection to land, sea and communities throughout Australia, and the contributions to the lives of all Australians. 

IPC logo.

© IPC

CC logo

Navigate

Useful links

IPC Social Media

   Linkedin

 

IPC Social Media Terms of Use