Data ExfiltrationMedium

Samsung employees leak confidential data into ChatGPT

March 2023  ·  Samsung / OpenAI ChatGPT

What happened

Within about three weeks of Samsung lifting an internal ChatGPT ban, employees pasted confidential data into ChatGPT in at least three separate incidents, including proprietary semiconductor source code and internal meeting notes.

Root cause

No data-loss-prevention controls or usage policy governed what employees could submit to a third-party LLM that may retain submissions.

Fix / outcome

Samsung opened investigations and banned generative-AI tools on company devices, and reportedly began building an internal tool.

Sources

Gizmodo

Learn this attack class

This incident is an example of Data Exfiltration. Read the guide, then try it hands-on in the Academy.

Read the guide →Try the challenge

← Back to the Incident Database