Welcome to the

AI Incident Database

A man who posted deepfake pornographic images of prominent Australian women has been slapped with a hefty fine as a "strong message" in a first-of-its-kind case.

The Federal Court ordered Anthony Rotondo, also known as Antonio, to pay a $343,500 penalty plus costs on Friday after the online regulator eSafety Commissioner brought a case against him almost two years ago.

Rotondo admitted to posting the images on a website called MrDeepFakes.com, which has since been shut down.

The regulator had argued a significant civil penalty was needed to reflect the seriousness of the Online Safety Act breaches and the damaging impact the image-based abuse had on the women targeted.

"This action sends a strong message about the consequences for anyone who perpetrates deepfake image-based abuse," the watchdog said late on Friday.

"eSafety remains deeply concerned by the non-consensual creation and sharing of explicit deepfake images, which can cause significant psychological and emotional distress."

The commissioner took Rotondo to the Federal Court in 2023 after he replied to a removal notice, saying it meant nothing to him as he was not an Australian resident.

"Get an arrest warrant if you think you are right," he had said.

After a court ordered Rotondo to remove images and not share the pictures, he emailed them to 50 addresses including the eSafety Commissioner and media outlets.

The commissioner started Federal Court proceedings days after police found Rotondo had travelled from the Philippines to the Gold Coast.

He later admitted the contempt.

The images were taken down after Rotondo voluntarily provided passwords and other information to the commissioner's officers.

In a separate case, Queensland police apprehended him sitting at a table with a laptop in a Gold Coast apartment in December 2023.

Detectives had received a complaint that a Brisbane school had been sent an email that included deepfake images of students and teachers.

Earlier in September, the commissioner issued a formal warning to a UK-based technology company for enabling the creation of child sexual exploitation material.

AAP

Federal authorities on Wednesday announced the arrest of a Florida man they suspect deliberately started the Palisades fire, which tore across Los Angeles' west side this year.

Jonathan Rinderknecht, 29, allegedly conducted several incriminating searches on ChatGPT before and after starting the fire on New Year's Day. He has been charged by the Department of Justice with "maliciously" starting the fire.

Using ChatGPT, Rinderknecht conjured an image of a city engulfed in flames, federal prosecutors claimed.

Prosecutors say that in one search after the fire had started, he asked, "Are you at fault if a fire is lift [sic] because of your cigarettes?"

Rinderknecht had been driving for Uber on New Year's Eve, and passengers have said he was agitated, according to prosecutors. After finishing one fare in the Pacific Palisades, Rinderknecht started a fire on federal land with hiking trails, they allege.

He also called 911 and relocated to a vantage point where he watched firefighters and recorded video, according to an affidavit from an agent of the Bureau of Alcohol, Tobacco, Firearms and Explosives who investigated the case.

"While we cannot undo the damage and destruction that was done, we hope his arrest and the charges against him bring some measure of justice to the victims of this horrific tragedy," U.S. Attorney Bill Essayli said in a statement announcing the arrest.

The initial fire allegedly lit by Rinderknecht appeared to have been extinguished but smoldered under vegetation and reignited Jan. 7. The fire ended up killing 12 people and burning 6,000 buildings.

The Los Angeles area was simultaneously beset by the Eaton fire, which killed 19 people and destroyed 9,400 structures.

The complaint includes other digital evidence that allegedly incriminates Rinderknecht. According to the affidavit, he had been watching the video to a French song called "Un Zder, Un The" by Josman in which the musician sets things on fire.

The affidavit also contained the prompt that Rinderknecht typed into ChatGPT on July 11, 2024, to generate the image of a burning city.

The request: "A dystopian painting divided in to distinct parts that blend together seamlessly. On the far left, there is a burning forest. Next to it, a crowd of people is running away from the fire, leading to the middle. In the middle, hundreds of thousands of people in poverty are trying to get past a gigantic gate with a big dollar sign on it. On the other side of the gate and the entire wall is a conglomerate of the richest people. They are chilling, watching the world burn down, and watching the people struggle. They are laughing, enjoying themselves, and dancing. The scene is detailed and impactful, highlighting the stark contrast and the direct connection between the different parts of the world."

Kiwi investors are being caught by a new "pump and dump" scam, says the Financial Markets Authority (FMA) -- Te Mana Tātai Hokohoko.  

FMA Director of Markets, Investors and Reporting, John Horner says: "As we start World Investor Week, aimed at educating and protecting investors, it is timely to remind Kiwi investors about this latest version of the deepfake impersonation scam. We have issued a new warning."  

"This current scam uses social media scam advertisements featuring an impersonated business leader, encouraging investors to join a fake investor chat group. The FMA first raised its concerns about the impersonations in a public warning issued 19 August 2025, and has received further information showing the scam is part of a global network of scams aimed at market manipulation." 

A pump and dump occurs when a person buys shares in a company and starts an organised campaign to increase (or 'pump') the share price. They then sell (or 'dump') their shares and make a profit, while the other shareholders suffer financial losses as the share price falls. 

Often those running a 'pump and dump' use social media and online forums to create a sense of excitement about buying a company's shares by spreading false information about the company's prospects. This excitement and interest artificially drives the share price up as they lure investors.  This is considered a form of market manipulation. 

The pump and dump scam uses Facebook and Instagram ads impersonating a variety of well known Kiwi business leaders to target Kiwi investors, inviting them to join a chat group on a messaging platform such as WhatsApp. There, they are encouraged to use reputable trading platforms to buy low-value shares in companies listed on overseas exchanges, to artificially inflate the share price. The scammers sell their own shares at the inflated price and, when the price later drops, the victims are left bearing the loss.  

After a victim suffers a loss, the scammers often claim, falsely, that the victim is entitled to compensation or reimbursement. The scammers then collect personal information and further payments from the victims.  

"We have received a number of complaints, with multiple victims having lost significant amounts," said John Horner. 

"These complaints are likely only the tip of the iceberg. Because these impersonation pump and dump scams play out over days and weeks, it's possible there are others happening in New Zealand right now, with the scammers potentially pivoting to another company's shares.   

"We encourage New Zealanders to take extra care when considering investment decisions and seeking out investment advice. If an organisation is offering investment tips through social media, be cautious. Report any suspicious activity to the social media channel, to the company involved and to the FMA. 

"We urge extreme caution to investors impacted by this or other scams which may include 'opportunities' to trade out of this position or support to recover funds lost, these are also likely to be scams." 

"One of the FMA's functions is to promote the confident and informed participation of businesses, investors, and consumers in the financial markets.  

"We have therefore taken steps to urgently issue an updated public warning to raise awareness of how this scam impacts investors and educate the general public on how to avoid being scammed.

Investment advice group chats used in suspected pump-and-dump schemes

"Our aim is to make New Zealand an unattractive place for scammers to operate, by raising awareness of scam methods and encouraging investors to stop and think carefully before making investment decisions that might be driven by a scam." 

The FMA is also sharing case details with the relevant overseas financial regulators, given some of the pumped shares are listed on a US exchange (NASDAQ) and some of the pumped companies are based in China.  "There are currently similar scams operating overseas, with a warning recently issued by the FBI

Internet Crime Complaint Center (IC3) | Fraudsters Target US Stock Investors through Investment Clubs Accessed on Social Media and Messaging Applications

The FMA has also alerted New Zealand banks and businesses being impersonated to let them know the impersonation scam has pivoted and is using new tactics, and is encouraging them to share the FMA warning. 

Investment advice group chats used in suspected pump-and-dump schemes

Imposter Facebook pages used to promote WhatsApp investment scam

How the scam works

• Scammers promote investment club group chats through social media. Often, the scammers will publish ads impersonating business leaders or financial commentators to promote the group chats. In some cases, the scammers send unsolicited invitations to the group chats through messaging platforms like WhatsApp. 
• In the group chats, an 'investment mentor' provides trade recommendations to group members. The group chats appear to have dozens of members, but they are populated primarily with bot accounts controlled by the scammers. 
• The scammers may initially recommend purchasing shares of a large, well-known company such as Nvidia or Tesla. This is a tactic to build trust before drawing potential victims into the pump-and-dump scheme. 
• Eventually, the scammers will recommend shares in a smaller company. Members are often encouraged to message the investment mentor or their assistant directly, who will guide them through the investing process.
• Over several weeks or months, the victims' investments artificially inflate (or 'pump') the company's share price. The scammers then sell (or 'dump') their holdings at the inflated price. When the share price collapses, victims are left bearing the loss. 
• After the share price drops and the victims suffer a loss, the scammers may tell investors they are entitled to compensation or reimbursement. The scammers may ask victims to complete an online form, provide copies of their ID, or pay an application fees in order to gain access to the funds. This is a recovery scam, and is an attempt to harvest victims' personal information or extract further funds. 

How to recognise and avoid pump-and-dump schemes

1. Be cautious when interacting with ads for financial services on social media. If an ad features a well-known business leader or financial commentator, they may be an imposter. 

2. Do not engage with any unsolicited messages regarding financial advice or trade recommendations. 

3. Before you act on any trade recommendations, check that the person providing the advice is a licensed financial adviser registered on the FSPR. 

4. Be sceptical about urgent or time-sensitive trade recommendations, particularly for emerging or low-priced shares. Scammers will often pressure potential victims to act quickly, leveraging investors' fear of missing out.

What to do if you've been scammed

1. Stop engaging with the scammers. Do not provide any further personal information or payments to them. Report the group chats to WhatsApp and block the scammers on all devices.

2. If you have shared your bank account or credit/debit card details with the scammers, contact your bank immediately to secure your account.

3. If you have downloaded remote access software on the instructions of the scammers, immediately contact an IT professional to have your device checked for malware. If you have accessed your bank account or other payment systems while the remote access software was operating on your device, report this to the relevant account providers.

4. If you have shared any other personal information or downloaded any software at the scammers' request, contact IDCare for help creating a plan to secure your identity.

5. If you have followed the scammers' trade recommendations, contact the trading platform or sharebroker you used to carry out the trades and let them know about the scam.

6. If you are getting spam emails and text messages, report these to the Department of Internal Affairs here.

7. Tell a trusted relative or friend what has happened. They may help you see the situation more clearly, help you deal with the scammers, and suggest what to do next.

8. Contact Victim Support on 0800 842 846 or visit their website. They can provide free emotional and practical support and information.

9. Report the scam to the FMA.

An investment scam using a fake likeness of Trevor Manuel (pictured), the chairman of Old Mutual, is circulating on social media.

Last week, Old Mutual warned the public about the videos, which purportedly show Manuel providing investment advice and encouraging the public to invest in certain products.

Manuel, who was Minister of Finance from 1996 to 2009, is the latest high-profile individual whose likeness has been used in deepfake videos to peddle investment scams. Similar deepfake videos have featured Johann Rupert, Nicky Oppenheimer, and Elon Musk.

"It has come to my attention that there are social media posts using my image and artificial voice and pretending to either give people investment advice or requesting that they invest in products that I advise them to. Artificial Intelligence can easily be used by bad people," Manuel said in a statement.

Manuel said he does not give investment advice to anybody -- and it would be illegal for him to do so. The Financial Advisory and Intermediary Services Act, which was passed in 2002, stipulates that only authorised individuals can provide investment advice and offer financial products. Manuel said he was not so authorised.

"Too many people have lost their hard-earned money, especially what they've saved for later in life, stolen by crooks. I plead with you to protect your nest egg."

Regarding unauthorised products, the Financial Sector Conduct Authority recently warned the public to exercise caution when conducting financial services business with the following entities/individuals:

• Dazzle Brilliance Diamond (Pty) Ltd.
• Lucas Sekhorane Maake, who also operates as Skuriey.rsa on Telegram.
• Michael Jacobs and AMFX Solutions.
• Capital40 Investments.

None of the above is authorised by the FSCA to provide financial services to the public in South Africa.

The FSCA said it has received information that Dazzle is soliciting funds from members of the public for investment purposes, while promising unrealistic returns. Dazzle is reportedly encouraging individuals to "invest R2 500 and receive R6 000 in 40 days". The FSCA cautions that promises of unrealistic returns should be treated with great suspicion.

The Authority said it has come to its attention that Maake is offering forex signals and account management services to members of the public. Maake offered to trade on behalf of members of the public, in return for 50% of the profit generated through his trades.

"Providing signals refers to the practice of persons making recommendations to their clients in respect of trades and prices in financial products. The signal provider is remunerated through a subscription fee or a percentage of profits. Even in the instances of clients suffering trading losses, signal providers may benefit through commissions paid by brokers. It is not unusual for signal providers to provide fictitious signals and share fake trading patterns to lure clients into participating," the Authority said.

The FSCA said Jacobs is reportedly encouraging members of the public to "invest and enjoy 300% profit, receivable every month for six months".

The Authority said Capital40 is encouraging members of the public to invest between R1 000 and R400 000 and are promised monthly returns of between R320 and R128 000. Capital40 claims its providers investors with access to artificial intelligence trading software that makes automated trading decisions in financial markets and generates profits on behalf of clients.

Spot the red flags

The FSCA advises the public to remain alert when approached with attractive investment offers. These often come with warning signs that should raise immediate concern. Common red flags include:

• Promises of unrealistic or exaggerated returns.
• Offers made through social media platforms.
• Requests for upfront payments.
• Additional payments required to access your investment returns.
• Charges for training before you can invest.
• Pressure to act and pay urgently.
• Vague or unclear information about the investment product.

To check whether a person or business is authorised by the FSCA to operate as a financial services provider -- and to verify their FSP number -- the public can use any of the following options:

• Call the FSCA's toll-free line: 0800 110 443
• Search licensed financial institutions by category:
  https://www.fsca.co.za/Regulated%20Entities/Pages/List-Regulated-EntitiesPersons.aspx
• Search authorised FSPs under the FAIS Act:
  https://www.fsca.co.za/Fais/Search_FSP.htm

The NSW Reconstruction Authority (RA) is aware of a data breach involving personal information belonging to some people who applied for the Northern Rivers Resilient Homes Program (RHP).

The breach occurred when a former contractor of the RA uploaded data containing personal information to an unsecured AI tool which was not authorised by the department.

There is no evidence that any information has been made public, however, Cyber Security NSW will continue to monitor the internet and the dark web to see if any of the information is accessible online.

We understand this news is concerning and we are deeply sorry for the distress it may cause for those who have engaged with the program.

We will be contacting people this week with updates to let them know what has happened and whether they have been impacted or not.

Since learning about the extent of this breach, we have engaged forensic analysts and are working closely with Cyber Security NSW to undertake an investigation to understand the scope and the risks arising from it.

We expect the forensic analysis to be completed within the coming days. This will give us a clearer understanding of the extent of the breach and the specific data involved.

We know people will want to know exactly what has been shared and we are doing all we can to get that information to them as soon as possible.

So far, there is no evidence that any of the uploaded data has been accessed by a third party.

What happened?

Between 12 and 15 March 2025, personal information held for the Resilient Homes Program (RHP) was uploaded to the AI platform ChatGPT by a former RA contractor.

Once we understood the full scope of the breach, we took immediate steps to contain any further risk. We engaged forensic analysts, began working closely with Cyber Security NSW and launched a detailed investigation to determine what was shared, what risks may exist, and who was affected.

The data involved was a Microsoft Excel spreadsheet containing 10 columns and over 12,000 rows of information. Every row is being carefully reviewed to understand what information may have been compromised.

This process has been complex and time-consuming and we acknowledge that it has taken time to notify people. Our focus has been on ensuring we had the right information to contact every impacted person accurately and completely.

We understand people will have questions about how this happened and why notification has taken time. To help answer those questions, we've initiated an independent review.

What we know

Based on early forensic analysis, up to 3,000 people may be potentially impacted.

At this stage, the information we know that has been disclosed includes:

• Names and addresses
• Email addresses
• Phone numbers
• Some personal and health information

What we are doing

Within a week, we will contact anyone impacted to confirm exactly what data was shared and offer personalised support.

We're working with Cyber Security NSW to monitor the internet and dark web for any signs that this information is accessible online. Continuous monitoring of the dark web and broader internet is ongoing and to date, there is no evidence that any uploaded data has been accessed or distributed by a third party.

The NSW Privacy Commissioner has been notified and we've reviewed and strengthened our internal systems and processes and issued clear guidance to staff on the use of unauthorised AI platforms, like ChatGPT. Safeguards are now in place to prevent similar incidents in future.

What support is available?

To speak to someone on the phone about what has happened please call the RHP call centre on [1800 844 085](tel:1800 844 085) Monday to Friday, 9am-5pm (excluding public holidays).

RA will provide compensation for any reasonable out of pocket expenses if any compromised identity documents need to be replaced.

If you have any concerns about protecting your identity, NSW government agency ID Support can help prevent and recover from data breaches with expert advice, free resources and support. You can reach them via their website www.nsw.gov.au/id-support-nsw or call them on [1800 001 040](tel:1800 001 040), Monday to Friday, 9am-5pm (excluding public holidays). Interpreter services are available.

ID Support NSW can help by

• providing advice on compromised identification documents and how to restore your identity security
• guiding you on how to keep your personal identity information safe
• sharing options for additional support and counselling services.

We will continue to share updates and provide support to those who have been impacted.

We understand the seriousness of this breach and are deeply sorry for the potential impact on people. We remain fully committed to protecting their privacy and restoring trust in the Resilient Homes Program and the RA.

Frequently asked questions

What happened?

Personal information provided during applications for the RHP was uploaded by a former contractor of the RA to the Artificial Intelligence (AI) platform, ChatGPT.

The data shared was contained in a Microsoft Excel spreadsheet with 10 columns and more than 12,000 rows of information.

When did the breach occur?

The upload took place between 12 and 15 March 2025.

How many people were affected?

Our early analysis indicates that up to 3,000 people may be affected. 

Was this a cyber-attack or hacking incident?

No.

This incident occurred when an RA contractor uploaded information from a Microsoft Excel spreadsheet to an unauthorised third-party AI platform, ChatGPT.

Our internal security systems remain secure and have not been compromised.

What is ChatGPT?

ChatGPT is an online AI tool developed by a company called OpenAI. It allows users to ask questions or upload information to help generate written content or ideas.

What personal information was included in the uploaded file?

We're working through the forensic analysis and expect that to be completed within the coming days. At this stage we can confirm the following information has been disclosed:

• names and addresses
• email addresses
• phone numbers
• some personal and health information

Was my financial or banking information uploaded?

We expect to have a complete understanding of the information uploaded within the coming days. As soon as we know, we will contact you with the types of information potentially exposed.

Was any government ID or sensitive information included?

We expect to have a complete understanding of the information uploaded within the coming days. As soon as we know, we will contact you with the types of information potentially exposed.

What have you done to fix the issue?

We are working with Cyber Security NSW to monitor the internet and dark web to see if any of this information is accessible online. The NSW Privacy Commissioner has also been notified.

We have reviewed and strengthened internal systems and processes and issued clear guidance to staff on the use of non-sanctioned AI platforms. Safeguards are now in place to prevent future uploads of personal information into ChatGPT and other AI platforms. 

Have you reported the breach?

Yes, in line with the Privacy and Personal Information Protection Act 1998, the breach was reported to the NSW Privacy Commissioner.

What steps have been taken to ensure this doesn't happen again

We've conducted a full cyber security review and engaged technical and legal specialists. The RA has also implemented controls to block the upload of personal information into AI tools.

We will continue to update mandatory cyber security training and provide regular communication to ensure every employee is aware of their data obligations.

The RA will continue to review and implement any additional measures that may be needed to better protect the data that we hold.

We have also initiated an independent review of how this breach was identified and managed and will share those findings once it is completed.

What does the breach mean for me?

We believe the risk of misuse is low, however, we recommend staying alert for any suspicious emails or messages that ask for your personal details. 

What can I do to protect myself?

• be cautious of emails that look unusual or unexpected
• avoid clicking on links or opening attachments from unknown senders
• contact us if you receive any communication that references your participation in the RHP that is not from the RA.

Will I be contacted directly

Everyone who registered for the Resilient Homes Program will receive an email.

The email will be sent by the NSW Reconstruction Authority with the subject line: RHP Data Breach. The messages will begin going out in the coming days.

Please check your spam or junk folder if you don't see it in your inbox.

What support are you offering?

To speak to someone on the phone about what has happened please call the RHP call centre on [1800 844 085](tel:1800 844 085), Monday to Friday, 9am-5pm (excluding public holidays).

RA will provide compensation for any reasonable out of pocket expenses if any compromised identity documents need to be replaced.

If you have any concerns about protecting your identity, ID Support NSW can provide advice and assistance via their website www.nsw.gov.au/id-support-nsw or call them on [1800 001 040](tel:1800 001 040), Monday to Friday, 9am-5pm (excluding public holidays). Interpreter services are available.

Where can I find more information?

This website will include the most up to date information. You can also contact the RA on [1800 844 085](tel:1800 844 085).