The Ninja Sensei’s Logbook: Employees as the weakest link: Samsung’s data breach using ChatGPT
Last month, Samsung’s employees were reported to have disclosed confidential information while using ChatGPT to assist with their tasks. This occurred because engineers in its semiconductor division utilised the ChatGPT to address issues with their source code.
However, by doing so, they submitted sensitive data, including the source code for a new program and internal meeting notes about their hardware.
Throughout the digital history, employees have been considered the weakest link in an organisation’s cybersecurity, particularly if there are no policies in place to regulate possible errors in the workplace.
The data that was breached was sensitive data and not personal data. But if it were personal data, the organisation could have been made to pay a hefty financial penalty.
To prevent detrimental data breaches in the future, the following are best practices that organisations could follow:
✅ Regular employee training on data protection and AI usage
✅ Establishing clear input guidelines for AI services to prevent unintentional data leaks
✅ Continuously monitoring AI-assisted tasks to ensure data security
✅ Restricting access to confidential data only to authorised personnel
✅ Instituting internal guidelines for AI usage and handling sensitive information
By adopting these practices, organisations can minimise the likelihood of sensitive data exposure and ensure compliance with data protection standards.
P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!
📱 WhatsApp: +65 8750 4250
📧 email: email@example.com