Generative AI chatbots surfacing personal phone numbers in privacy breach
Experts attribute the leaks to training data scraped from the public internet, while data removal services report a surge in consumer complaints due to the lack of straightforward opt-out mechanisms.
Users of major generative AI platforms, including Google’s Gemini, OpenAI’s ChatGPT, and Anthropic’s Claude, are reporting that their personal phone numbers and private contact details are being surfaced by the chatbots. These privacy lapses have resulted in individuals receiving unsolicited calls and messages from strangers seeking services or assistance, with the contact information allegedly obtained through AI-generated responses.
The exposure stems from personally identifiable information (PII) embedded in the vast datasets used to train large language models. These datasets are scraped from the public internet, inevitably capturing millions of instances of private data. While AI providers have implemented guardrails to filter such information, these measures appear inconsistent, with models sometimes bypassing restrictions to provide accurate or plausible contact details.
Specific incidents highlight the scale of the issue. A software developer in Israel received a WhatsApp message from a stranger seeking help with a payment app account after prompting Gemini for customer service instructions. The chatbot provided the developer’s personal number, which had been shared online in 2015. Similarly, a PhD candidate at the University of Washington prompted Gemini with her colleague’s name, resulting in the chatbot revealing the colleague’s personal cell phone number.
In another instance, University of Washington students tested ChatGPT by asking for information about a professor. After the model initially refused, it suggested an “investigative-style” approach to narrow down property records. By providing a neighbourhood guess, the students were able to elicit the professor’s home address, purchase price, and spouse’s name from public records.
Data removal service DeleteMe reported a 400% increase in customer queries regarding generative AI privacy over the past seven months. Of these concerns, 55% referenced ChatGPT, 20% cited Gemini, and 15% mentioned Claude. The company’s co-founder noted that complaints typically involve either users discovering their own home addresses and phone numbers or encountering the exposed data of others.
Current privacy legislation, such as the California Consumer Privacy Act and Europe’s GDPR, does not clearly cover publicly available information scraped for training. Consequently, there is no straightforward mechanism for individuals to verify if their data is in a model’s training set or to compel its removal. Google offers a support document for users to object to data processing, while OpenAI’s privacy portal allows removal requests that may be declined for public interest reasons. Anthropic does not currently have a clear mechanism for users to request data removal.
Experts warn that the ease of accessing this data lowers the barrier for targeting individuals. With AI companies increasingly sourcing training data from data brokers and people-search websites, the likelihood of PII appearing in models is rising. Until more robust verification and removal processes are established, users face significant challenges in protecting their personal information from AI-generated exposure.
