AI Chatbots Leaking Real Phone Numbers: The PII Exposure Problem

AI chatbots are exposing real people's phone numbers. A Redditor reported being inundated with calls from strangers looking for a lawyer or locksmith—misdirected by Google's Gemini. In March, a software engineer in Israel was contacted on WhatsApp after Gemini gave out his personal number as PayBox customer service. In April, a PhD candidate got Gemini to output a colleague's cell number.
How It Happens
LLMs are trained on web-scraped data containing PII. The article notes that the open-source DataComp CommonPool dataset includes résumés, driver's licenses, and credit cards. Even a single instance of a phone number posted online (e.g., on a Q&A site in 2015) can be reproduced years later.
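An added example, not from the article or any vendor's pipeline: a heuristic pre-training scan that finds phone numbers and Luhn-valid card numbers in scraped documents, indexes which documents carry each value, and redacts them. The regexes, function names and sample documents are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumptions for this example, not a complete PII taxonomy).
PHONE_RE = re.compile(r"(?<![\w.])\+?\d[\d ().-]{7,18}\d(?!\w)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pii(text):
    """Return sorted (start, end, kind, digits) hits for cards and phone numbers."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append((m.start(), m.end(), "card", digits))
    cards = list(hits)
    for m in PHONE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        overlaps = any(s < m.end() and m.start() < e for s, e, _, _ in cards)
        if 9 <= len(digits) <= 15 and not overlaps:
            hits.append((m.start(), m.end(), "phone", digits))
    return sorted(hits)

def scrub(text):
    """Replace hits with typed placeholders, working backwards so offsets stay valid."""
    for start, end, kind, _ in reversed(find_pii(text)):
        text = text[:start] + f"[{kind.upper()}]" + text[end:]
    return text

def audit(docs):
    """Map (kind, digits) to the ids of every document that contains the value."""
    index = {}
    for doc_id, text in docs.items():
        for _, _, kind, digits in find_pii(text):
            index.setdefault((kind, digits), set()).add(doc_id)
    return index

# Constructed sample documents (555-01xx and 4111... are reserved test values).
DOCS = {
    "qa-2015": "Post from 2015: my cell is +1 (202) 555-0143, call anytime.",
    "resume": "Jane Roe\nPhone: +1 202 555 0143\nCard on file 4111 1111 1111 1111",
    "blog": "Released in 2015, build 20150314 was stable.",
}
```

Normalizing to digits is what lets the audit tie the same number together across differently formatted documents; a value that appears in only one document is still indexed and redacted.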
Scale of the Problem
DeleteMe, which helps remove personal info from the internet, reports a 400% increase in AI-related privacy queries in the last seven months—up to a few thousand. Breakdown: 55% reference ChatGPT, 20% Gemini, 15% Claude, 10% others. Two common scenarios: a user asks about themselves and gets accurate home/phone data, or the chatbot generates plausible-but-wrong contact info for someone else.
Rob Shavell (DeleteMe co-founder) says complaints typically involve the chatbot returning accurate home addresses, phone numbers, family names, or employer details when asked innocuous questions about the user.
What Can Be Done
Experts say the root cause is PII in training data, but the exact mechanism is unclear. There is little users can do to prevent exposure. The article suggests the problem will worsen as AI companies seek new data sources.
📖 Read the full source: HN AI Agents