This work addresses a critical security vulnerability in existing machine unlearning methods, which may inadvertently leak private information about retained data when removing specified samples. For the first time, the paper exposes the reconstruction threat posed by “perfect retraining”–based unlearning mechanisms to the remaining dataset and introduces a novel security definition that jointly ensures privacy and utility. This definition is grounded in rigorous privacy analysis, formal modeling of reconstruction attacks, and formal verification techniques, enabling essential functionalities such as bulletin board operations, summation, and statistical learning. Theoretical analysis demonstrates that the proposed definition effectively mitigates reconstruction attacks targeting non-deleted data while preserving key computational capabilities, thereby addressing a significant gap in privacy guarantees within current unlearning frameworks.

Machine unlearning aims to remove specific data points from a trained model, often striving to emulate "perfect retraining", i.e., producing the model that would have been obtained had the deleted data never been included. We demonstrate that this approach, and security definitions that enable it, carry significant privacy risks for the remaining (undeleted) data points. We present a reconstruction attack showing that for certain tasks, which can be computed securely without deletions, a mechanism adhering to perfect retraining allows an adversary controlling merely $ω(1)$ data points to reconstruct almost the entire dataset merely by issuing deletion requests. We survey existing definitions for machine unlearning, showing they are either susceptible to such attacks or too restrictive to support basic functionalities like exact summation. To address this problem, we propose a new security definition that specifically safeguards undeleted data against leakage caused by the deletion of other points. We show that our definition permits several essential functionalities, such as bulletin boards, summations, and statistical learning.