▲ 32 r/ITManagers
We caught an employee pasting customer data into ChatGPT. None of our security tools flagged it.
Happened two weeks ago and I’m still unsettled by it. Employee was using a personal chatgpt account in chrome, pasting chunks of customer data to draft responses. Totally innocent intent, just trying to be efficient.
Our SIEM, EDR, CASB all saw none of it. The only reason we found out is cause their manager overheard them mention it in the break room.
The whole incident happened inside the browser and our entire security stack was blind to it. Makes me wonder what else were missing that happens in a browser tab.
Anyone else caught something like this? What did you do about it afterward?
u/TehWeezle — 6 days ago