CommBank's AI boyfriend

CBA has been naughty, and too reliant on their AI boyfriend. Here’s what happened:

- A CBA customer contacted bank requesting contact details for Secretlab (a company that is not us, and makes chairs)
- CBA staff member queried ChatGPT (possibly via their own personal, unauthenticated access to ChatGPT) to obtain phone number for Secretlab (chairs)
- CBA staff disclosed the retrieved phone number to the requesting customer
- The retrieved phone number is a number belonging to one of the directors of Secret Lab (a company that does not make chairs, and is us), a customer of CBA, and is used for our CBA account and our Director’s CBA account
- Therefore, CBA disclosed customer personal information to another, unrelated customer, and trusted a third-party LLM (ChatGPT), accessed seemingly unauthenticated on the consumer ChatGPT platform, as a source for data to provide to another customer
- During investigation, CBA staff replicated the same ChatGPT query process, seemingly on a personal phone, again unauthenticated, and on the consumer ChatGPT platform: Signs indicate this might be routine practice amongst CBA staff

Oh, and they gave out the phone number for us, Secret Lab (not chairs), to someone looking for Secretlab’s (chairs) phone number....

August 12, 2025