An NSW Treasury staff member stands accused of exfiltrating a “substantial cache” of more than 5600 sensitive documents authored by multiple state departments.
The NSW treasurer Daniel Mookhey revealed the alleged data breach on Tuesday afternoon, saying it was detected via “internal security monitoring”.
NSW Police said in a separate statement that the breach was reported to them last Sunday.
“Internal security monitoring detected a suspected transfer to an external server of a substantial cache of documents containing confidential commercial and financial information,” Mookhey said.
“The files cover multiple NSW government departments and projects.
“While the police are continuing their investigation, they believe all the alleged stolen data has been located, is now secure, and there was no external compromise to the agency’s system.”
NSW Police said its cybercrime squad arrested a 45-year-old man in Sydney’s CBD yesterday and seized electronic devices including a hard drive in a separate raid on a home in Homebush West.
Mookhey told a press conference that the person “has been an employee of the NSW Treasury for around three years.”
“They are a person who works in Treasury’s commercial team.
“The Treasury’s commercial team is involved in, for want of a better term, a lot of the government’s commercial relationships. They also are involved in a variety of significant government transactions or negotiations with the private sector.”
The man was charged with access/modify restricted data held in computer and has been bailed to appear before the Downing Centre Local Court on June 3.
The government said the NSW chief cyber security officer is coordinating a whole-of-agency response, as per the state’s cyber security plan.
“There is no current impact to any NSW government service,” it said.
Mookhey thanked both NSW Police and Cyber Security NSW “for their rapid actions since Sunday.”
