Security News > 2024 > July > Not-so-OpenAI allegedly never bothered to report 2023 data breach

Security in brief It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded without any regard for user privacy.

According to an exclusive report from the New York Times, citing a pair of anonymous OpenAI insiders, someone managed to breach a private forum used by OpenAI employees to discuss projects early last year.

Execs who disclosed the breach to employees didn't think it was much of a threat, because it was believed the miscreant behind the breach was a private individual unaffiliated with any foreign governments.

The ChatGPT maker committed to setting up an AI safety committee after the departures of Sutskever and Jan Leike - the head of OpenAI's previous safety team devoted to tackling the long-term threats of AI. Whether news of a secret, heretofore unreported, breach that OpenAI leadership reportedly thought it knew better about than federal regulators will help repair its tarnished safety reputation is anyone's guess.

American insurance provider Prudential has updated the total number of victims whose data was stolen in a February data breach - from 36,000 to over 2.5 million.

The victim count update didn't include any additional details as to how the breach occurred, and a new breach letter wasn't attached to the notice.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/08/infosec_in_brief/