News Feed
29 Apr 2026

NSW Treasury Breach Triggers Whole-of-Government Cyber Response

The NSW Government has declared a significant cyber incident after an alleged internal data breach involving a NSW Treasury staff member.

Data Theft.png

The incident exposed thousands of sensitive government documents and triggered a coordinated whole-of-government response.

According to a ministerial statement released by NSW Treasurer Daniel Mookhey on 21 April 2026, internal security monitoring detected a suspected transfer of a substantial cache of confidential commercial and financial documents to an external server. The files reportedly span multiple NSW Government departments and projects, raising immediate concerns about the potential exposure of sensitive commercial negotiations and agency information.

NSW Treasury reported the matter to NSW Police on Sunday, prompting a rapid investigation under Strike Force Civic and resulting in criminal charges being laid overnight. Authorities have since stated that the allegedly stolen data has been located and secured, and that there was no external compromise of NSW Treasury’s systems. This suggests the incident was not the result of an outside cyber intrusion, but rather an alleged insider breach involving unauthorised data access and transfer.

While no government services have been impacted, the seriousness of the incident prompted the NSW Chief Cyber Security Officer to activate a whole-of-agency response in line with the State’s cyber security plan. The declaration of a significant cyber incident signals the scale of the event and reflects the broader operational and governance risks posed when sensitive government information is mishandled internally.

For records and information management professionals, the incident is a sharp reminder that information risk does not always originate outside the firewall. Even with strong perimeter controls, internal access, user permissions, monitoring, and data movement controls remain critical points of vulnerability. This case reinforces the importance of robust information governance, access controls, audit trails, and defensible monitoring practices across high-value information environments.

Original source: Read the NSW Government ministerial release

Return to listing