Data breach exposes personal details of over 2,000 linked to NSW Resilient Homes Program

The New South Wales Reconstruction Authority (RA) has confirmed that personal information belonging to 2,031 individuals connected to the Northern Rivers Resilient Homes Program (RHP) was compromised after a former temporary employee uploaded sensitive data to an unauthorized artificial intelligence tool.

According to the agency, the breach occurred between March 12 and 15, 2025, when the employee uploaded a spreadsheet containing more than 12,000 rows of information to the AI platform ChatGPT, in violation of internal security protocols. The dataset included names, contact details, addresses, and dates of birth, along with some sensitive personal and health information. Authorities emphasized that no driver’s licence, Medicare, passport, or Tax File Numbers were exposed.

The RA said it is directly contacting all affected individuals and working with Cyber Security NSW and forensic experts to evaluate the scope and potential impact of the breach. So far, investigators have found no evidence that the information has been accessed by third parties or made publicly available online.

“We understand this news is concerning and we are deeply sorry for the distress it may cause,” the RA said in a statement. “Our priority has been to determine the full extent of the breach and ensure that every impacted person is notified correctly. We are offering personalized support and reinforcing our systems to prevent this from happening again.”

The authority has commissioned an independent review into how the breach was identified and managed, and has since tightened internal systems and staff protocols governing the use of non-sanctioned AI platforms.

Assistance is being provided through ID Support NSW, which is offering free advice and counselling to affected individuals. Residents can contact the service at 1800 001 040 or through the online portal at portal.idsupport.nsw.gov.au/s.

Authorities have urged those affected to remain alert for suspicious communications and to use two-step verification on online accounts. Impacted individuals are also advised to monitor their bank and credit card statements for any irregular activity.

The NSW Privacy Commissioner has been notified of the breach, and Social Futures, a community services organization, is assisting in outreach and support efforts.