Samsung employees allegedly leak data via ChatGPT
According to The Economist Korea, several Samsung engineers allegedly leaked confidential information by inputting it into ChatGPT, an AI-powered chatbot. Despite Samsung being apprehensive about adopting ChatGPT due to concerns about data confidentiality, three separate incidents occurred.
Samsung had previously warned employees not to enter private information into ChatGPT and to be cautious about the security of company information. However, three company engineers allegedly entered confidential information into the chatbot within just 20 days.
The first incident involved an engineer inputting Samsung's source code into the chatbot when looking for a solution to a bug. Another engineer recorded a company meeting, transcribed it using an audio-to-text application, and inputted the transcription into ChatGPT to create meeting notes. In the third incident, an engineer used ChatGPT to optimize a test sequence for identifying yield and defective chips.
As ChatGPT is a machine learning platform, all data inputted into the chatbot is used to train its algorithm. Therefore, the proprietary information entered by the Samsung engineers is now available to all 100 million monthly active users of the chatbot. To avoid such breaches, users are warned not to enter sensitive information into ChatGPT.
The use of ChatGPT has caused concern in other countries as well. In April, Italy temporarily banned ChatGPT due to concerns that the chatbot violates the General Data Protection Regulation (GDPR), which is a law concerning data and data privacy that imposes security and privacy obligations on those operating within the European Union (EU) and the European Economic Area (EEA).
The Italian data protection agency, Garante per la Protezione dei Dati Personali, accused OpenAI of violating GDPR by collecting and storing personal data to train ChatGPT. OpenAI has disabled ChatGPT in Italy and is working with Garante to address these concerns.
Despite the ban, the leader of Italy's League party, Matteo Salvini, criticized the decision, calling it "hypocritical" and "disproportionate."
The breach highlights the importance of companies taking measures to protect confidential information and avoid data breaches. It also highlights the need for cybersecurity professionals to stay up-to-date with the latest cybersecurity trends and technologies to prevent such incidents from occurring in the future.
