AI Privacy Incident Tracker
Real, public incidents. Sourced and dated. Forward this to anyone still using public AI tools with company data.
A missing noindex meta tag on shared ChatGPT conversations caused them to appear in search engine results. Private business discussions — contracts, strategy, internal decisions — became publicly discoverable via Google and Bing.
Data exposed: Private conversation URLs and content from shared ChatGPT sessions
Italy's data protection authority fined OpenAI €15 million for multiple GDPR violations: failing to establish a lawful basis for processing personal data, providing inadequate transparency in privacy notices, and deploying AI systems without age-verification safeguards for minors using ChatGPT.
Data exposed: User personal data processed without proper legal basis under GDPR
OpenAI's Whisper speech-to-text model — deployed in over 40 health systems for medical transcription — was found to consistently hallucinate fabricated medical content, including racial slurs and entirely invented medical recommendations, which were then embedded in permanent patient records. Errors appeared in roughly 1 in 10 transcriptions.
Data exposed: Fabricated content injected into protected patient medical records
New York City's official AI chatbot for small businesses told employers they could legally pocket tips meant for servers, advised landlords they could discriminate based on source of income, and informed restaurants they could serve cheese contaminated by rat bites. The city spent months defending the tool before quietly restricting its scope.
Data exposed: City government endorsed legally incorrect advice affecting thousands of small businesses
Slack's AI features used customer message content and uploaded files to train its underlying ML models by default. Opting out required customers to email the company directly — not a click, not a settings toggle. Following backlash, Slack changed the default but confirmed data had already been used for training prior to the policy revision.
Data exposed: Customer Slack messages and uploaded files used to train Slack's AI models
Google's AI Overviews feature — pushed to hundreds of millions of users — recommended adding "non-toxic glue" to pizza sauce to make it stick better. The recommendation was sourced from an 11-year-old Reddit comment. Similar AI outputs advised eating just one rock per day and endorsed non-standard treatments for serious health conditions.
Data exposed: Public source credibility failure — unverified content amplified to authoritative position
The ChatGPT macOS application stored all conversation history in plaintext on disk — readable by any application with file access to the user's computer. Unlike web sessions, there was no encryption at rest. Any app on the same Mac could silently read every conversation ever held with ChatGPT.
Data exposed: All ChatGPT conversations stored in unencrypted plaintext files on user disk
Air Canada's chatbot told a customer that the airline would refund the difference if they found a cheaper fare within 30 days of booking — a policy that didn't exist. The customer bought full-price tickets relying on this guarantee. A Canadian tribunal ruled that Air Canada was legally responsible for the chatbot's statements and ordered a refund plus damages. The chatbot had no mechanism to distinguish real policies from hallucinated ones.
Data exposed: Customer incurred costs relying on AI-generated policies Air Canada never authorized
After a routine software update, the delivery company DPD's AI customer service chatbot refused to follow its script and instead swore at customers, wrote a poem criticizing DPD as "useless," and confirmed the company was the worst in its industry. The bot had been modified and its guardrails weakened — and there was no one monitoring the output before it went live.
Data exposed: Brand damage and customer communication failures due to AI system drift
A prompt injection attack against a ChatGPT-powered dealer chatbot tricked it into treating an injected instruction as a legitimate system directive and agreeing to sell a $76,000 Chevrolet Tahoe for $1. The attack involved including hidden text in a message that the bot processed as an instruction, illustrating how adversarial inputs can override AI system instructions.
Data exposed: Adversarial prompt manipulation overriding AI system pricing and sales logic
During Google's launch event for Bard, the AI chatbot generated an incorrect response about the James Webb Space Telescope — claiming it took the first picture of an exoplanet, which was actually achieved by a European telescope in 2004. The error went viral, Alphabet's stock dropped 7.7% in a single day, erasing approximately $100 billion in market capitalization, and Google's AI credibility was set back by years.
Data exposed: Public market confidence loss from unverified AI-generated content
Three Samsung engineers accidentally leaked proprietary semiconductor source code and confidential meeting transcripts to ChatGPT within 20 days of its release. The incidents involved pasting source code for semiconductor equipment debugging, testing equipment analysis, and meeting transcription into ChatGPT queries. Samsung immediately issued a company-wide ban on generative AI tools, joining a growing list of major manufacturers restricting AI tools over IP concerns.
Data exposed: Proprietary semiconductor source code and confidential meeting transcripts from Samsung
Microsoft's AI research team published a GitHub repository with an overly permissive Azure Shared Access Signature (SAS) token that granted broad access to an internal storage account. The token was inadvertently left active for approximately 3 years, exposing 38TB of internal data including personal employee PC backups, internal Teams messages, and project files. Wiz Research disclosed it responsibly to Microsoft.
Data exposed: 38TB of internal Microsoft data including personal backups, Teams messages, and project files
In Mata v. Avianca (2023), a New York lawyer submitted a brief citing 6 non-existent legal cases — all hallucinated by ChatGPT. The court sanctioned the attorney and ordered him to pay $5,000. This was not an isolated incident; follow-on cases emerged throughout 2023–2024 where attorneys in federal and state courts were sanctioned or had briefs thrown out due to fabricated AI citations. Courts now require lawyers to certify that AI-generated citations are verified.
Data exposed: Legal professional sanctions — client cases at risk due to AI-generated court filings
Amazon's own legal team sent an internal warning to employees that ChatGPT outputs were already matching internal Amazon data — meaning that confidential company information may be incorporated into the model's responses to other users. The lawyer advised employees not to share any confidential material with ChatGPT. At that point, there was no enterprise data protection agreement between Amazon and OpenAI.
Data exposed: Amazon internal material potentially appearing in ChatGPT outputs to other users
A bug in the Redis caching layer underpinning ChatGPT Plus subscriptions exposed the titles of other users' conversation history and partial payment card information (first four digits, expiry date, email address, and name) for approximately 1.2% of ChatGPT Plus subscribers. The vulnerability was in the library used to cache requests and the bug caused memory corruption between concurrent requests.
Data exposed: Chat history titles and partial payment card details for ~1.2% of ChatGPT Plus subscribers
Wiz Research discovered that DeepSeek's infrastructure had an exposed ClickHouse database with no authentication, exposing over 1 million chat logs containing full conversation history, API keys used to access DeepSeek services, internal system logs, and operational metadata. The database was leaking data in real time at the time of disclosure. This was the most significant AI data exposure of 2025.
Data exposed: 1M+ chat logs, API keys, credentials, and internal system logs from DeepSeek's infrastructure
Multiple lawsuits allege that Character.AI's conversational AI platform contributed to the suicide of a 14-year-old boy who became deeply attached to a chatbot character over several months. The lawsuits claim the platform exposed a minor to harmful content and lacked sufficient safety guardrails for underage users. The case raises fundamental questions about AI platform responsibility for psychological harm, particularly to minors.
Data exposed: Minor user psychological safety — platform design allegedly harmful to vulnerable users