Skip to main content
close search
site logo
Dive Brief

Samsung employees leaked corporate data in ChatGPT: report

Published April 10, 2023
Lindsey Wilkinson's headshot
Reporter
A Samsung flag flies outside the Samsung office on August 25, 2017 in Seoul, South Korea.
A Samsung flag flies outside the Samsung office on August 25, 2017 in Seoul, South Korea. Chung Sung-Jun via Getty Images

First published on

CIO Dive

Dive Brief:

  • In three separate instances, Samsung Electronics employees in the company’s semiconductor business unit put sensitive corporate data into ChatGPT, according to a report from The Economist Korea.  
  • One Samsung employee entered faulty source code related to the Samsung Electronics facility measurement database download program to find a solution. Another employee entered program code for identifying defective equipment to get code optimization. The third employee converted a smartphone recording of a company meeting to a document file and entered it into ChatGPT to get meeting minutes, according to the report. 
  • After data was leaked, the company implemented an upload capacity of 1024 bytes per prompt, according to the report. Samsung Electronics did not respond to requests for comment. 

Dive Insight:

ChatGPT’s web-based interface uses input data to train and improve the tool. In doing so, there are data privacy concerns if employees enter corporate data as part of their prompt. 

The fear is that if employees input company data into ChatGPT, the AI could incorporate the information into its learning model. That information could become a part of its knowledge base and other users, when prompting ChatGPT, could see responses with proprietary data.  

For enterprise users accessing ChatGPT through its API, OpenAI added parameters around training data. Enterprise data submitted through the API is not used for model training or other service improvements unless organizations decide to opt in. API users also have a default 30-day data retention policy with options for shorter retention windows.

While ChatGPT and its GPT-4 engine can be used to aid programmers, companies need to be clear about what can be included in prompts to avoid internal leaks of company data. 

Nearly half of HR leaders said they are in the process of formulating guidance on employee usage of OpenAI’s ChatGPT, according to Gartner data. 

Data privacy concerns have pushed businesses and governments to question the security of OpenAI’s models and ChatGPT. Italy imposed an immediate temporary limitation “on the processing of Italian users’ data by OpenAI,” citing a ChatGPT bug in March as one of the reasons behind the decision. 

There was a significant issue in OpenAI’s ChatGPT last month due to a bug in an open-source library, causing a small percentage of users to see the titles of other active users’ conversation history. 

OpenAI conducted an investigation into the issue that found the same bug, which is now patched, caused 1.2% of active ChatGPT Plus subscribers to have payment-related information leaked, including first and last name, email address, payment address, the last four digits of a credit card and credit card expiration date, OpenAI said in a March blog post.

Filed Under: Breaches

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell