Documented · Data Privacy & Regulatory Violation · March 2023 · South Korea

Samsung Employees Leak Confidential Data to ChatGPT

Within ~20 days of Samsung allowing engineers to use ChatGPT, three separate confidential data leaks occurred: proprietary semiconductor source code, defect-detection algorithms, and internal meeting recordings were all uploaded to the ChatGPT consumer tier, which retains inputs for training by default.

AI system: ChatGPT (consumer tier, OpenAI)

Impact

Confidential semiconductor source code unrecoverable. Samsung imposed a 1024-byte prompt limit, then a full ban in May 2023. Cyberhaven research found 3.1% of enterprise workers pasted confidential data into ChatGPT. Became the canonical AI data exfiltration case.

Outcome

Samsung began building an internal LLM. JPMorgan, Verizon, Amazon, Walmart, and Apple imposed restrictions. Italy's Garante cited retention concerns in its March 2023 temporary ChatGPT ban.

Sources

  1. Cybersecurity Dive / Economist Korea: www.cybersecuritydive.com/news/Samsung-Electronics-ChatGPT-leak-data-privacy/647219/
  2. Gizmodo: gizmodo.com/chatgpt-ai-samsung-employees-leak-data-1850307376
  3. Dark Reading: www.darkreading.com/vulnerabilities-threats/samsung-engineers-sensitive-data-chatgpt-warnings-ai-use-workplace

Related incidents

Same category, country, or harm tier.

Israel·May 2, 2023
Amnesty: Israeli 'Red Wolf' Facial Recognition in the West Bank
Amnesty International's May 2023 report 'Automated Apartheid' documented Israeli use of an experimental facial recognition system, Red Wolf, deployed at military checkpoints in the H2 area of Hebron. The system scans Palestinians' faces and adds them to vast surveillance databases (Wolf Pack and Blue Wolf) without consent. The report, based on 2022 field interviews and testimony from current and former Israeli military personnel, framed the deployment as automating restrictions on Palestinian movement.
Italy·2023-02-02 (ban); 2025-05-19 (fine)
Italy Replika Chatbot Ban and 5M Euro Fine
Italy's Garante issued an urgent order halting Replika from processing Italian user data in February 2023. Found: no effective age verification (only name, email, gender); no valid legal basis for processing; sexually suggestive content served to minors; English-only privacy policies citing US COPPA instead of GDPR; significant risks to emotionally vulnerable adults, some of whom reported mental-health crises when erotic roleplay was later restricted.
Multi-country·2021 to 2025 (ongoing)
Clearview AI Cascading EU Regulatory Fines
Clearview AI scraped 10+ billion facial images from social media and public sources to build a facial recognition database sold to law enforcement and private clients. Coordinated complaints filed May 2021 by Privacy International, noyb, Homo Digitalis, and Hermes Center in 5 EU countries. Clearview refused to comply with GDPR Article 27 (EU representative requirement) and ignored legal notices.