Anthropic Data Breach: AI startup Anthropic confirms it suffered a data leak

AI startup Anthropic has suffered a data breach, making it the latest in a series of companies to fall victim to data leak incidents. Unlike previous breaches caused by external hackers, this time the breach resulted from a human error. Anthropic disclosed last week that a contractor inadvertently sent customer information to a third party, impacting names and account balances. Anthropic clarified that the breach was due to human error and not a compromise of its system.

The disclosure of the data breach coincided with the Federal Trade Commission (FTC) announcing an investigation into Anthropic’s partnerships with Amazon and Google. However, Anthropic asserts that these incidents are unrelated.

The news surfaced when PC-centric news outlet Windows Report obtained and shared a screenshot of an email sent by Anthropic to its customers, acknowledging the leak of their information by a third-party contractor. The leaked information included “account name… accounts receivable information as of December 31, 2023” for customers. This revelation came just one day after the initiation of the FTC investigation into Anthropic.

Here’s the full text of the email:

Important alert about your account.

We wanted to let you know that one of our contractors inadvertently misdirected some accounts receivable information from Anthropic to a third party. The information included your account name, as maintained in our systems, and accounts receivable information as of December 31, 2023 – i.e., it said you were a customer with open credit balances at the end of the year. This information did not include sensitive personal data, including banking or payment information, or prompts/outputs. Based on our investigation to date, the contractor’s actions were an isolated error that didn’t arise from or result in any of our systems being breached. We also aren’t aware of any malicious behavior arising out of this disclosure.

The company also added that the contractor’s actions “were an isolated error” and that it wasn’t aware of “any malicious behavior arising out of this disclosure.” However, Anthropic emphasized:

“We are asking customers to be alert to any suspicious communications appearing to come from Anthropic, such as requests for payment, requests to amend payment instructions, emails containing suspicious links, requests for credentials or passwords, or other unusual requests.”

Recently, Anthropic clients received a cautionary letter regarding an upcoming data breach. If you happen to receive this letter, exercise caution with your clicks. It seems that one of their contractors mistakenly redirected some account information from Anthropic to a third party, raising concerns that this third party might exploit the data for personal gain.

Is Anthropic’s Data Leak Connected to the FTC Probe?

On Thursday, the Federal Trade Commission (FTC) disclosed that it had requested information from five companies, including Anthropic PBC, concerning their investments and collaborations with generative AI firms and major cloud service providers.

The FTC also reached out to Alphabet, Amazon, Microsoft, and OpenAI. Notably, both Google and Amazon have invested in Anthropic, indicating significant business ties within the AI domain.

While there’s no concrete evidence linking the Anthropic data breach to this investigation, heightened tension can lead to errors.

According to the letter from Anthropic, the leaked data includes account names and accounts receivable information as of December 31, 2023. Essentially, it reveals that you were a customer with outstanding credit balances at the year’s end.

This information did not include sensitive personal data, including banking or payment information, or prompts/outputs. Based on our investigation to date, the contractor’s actions were an isolated error that didn’t arise from or result in any of our systems being breached. We also aren’t aware of any malicious behavior arising out of this disclosure.

The Google-backed Anthropic was founded in 2021 by OpenAI’s former VP of research Dario Amodei (CEO), Jack Clark, Sam McCandlish, and Tom Brown. Sensing that generative artificial intelligence is going to have a major impact on the world, Dario struck out with his sister Daniela to create “large-scale AI systems that are steerable, interpretable, and robust.” Before co-founding Anthropic, Daniela Amodei was OpenAI’s vice president of safety and policy.

The startup came into the spotlight following the popularity of ChatGPT. The startup is recognized as one of the primary competitors to OpenAI. The potential deal for Anthropic, known for the Claude chatbot, underscores the continued strong interest of venture capital investors in major AI transactions, especially when the startups in question are generating substantial revenue.