NSW Government Confirms Data Breach Involving Treasury Documents
The NSW Government declared a significant cyber incident after internal security monitoring detected the unauthorized transfer of a large volume of confidential commercial and financial documents to an external server. The files, spanning multiple government departments and projects, were allegedly accessed by a NSW Treasury staff member.
The NSW Chief Cyber Security Officer is leading a whole-of-agency response under the state’s cybersecurity plan. While no disruption to government services has been reported, NSW Police launched an investigation Strike Force Civic after Treasury reported the breach on Sunday. Authorities state that all allegedly stolen data has been located and secured, with no evidence of external system compromise.
Overnight, criminal charges were filed as part of the ongoing probe. The incident coincides with other government updates, including a 3.5% pay rise for frontline community services workers in the 2025-26 Budget and the upcoming retirement of TCorp Chief Executive David Deverall. Despite the breach, NSW retained its Triple-A credit rating from Fitch Ratings, reflecting continued financial stability.
The government has acknowledged the rapid response by NSW Police and Cyber Security NSW in containing the incident. Further details on the investigation remain under wraps as authorities proceed with legal action.
Source: https://www.nsw.gov.au/ministerial-releases/cyber-incident
NSW Treasury cybersecurity rating report: https://www.rankiteo.com/company/nsw-treasury
"id": "NSW1776803465",
"linkid": "nsw-treasury",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Public Sector',
'location': 'New South Wales, Australia',
'name': 'NSW Government',
'type': 'Government'}],
'attack_vector': 'Insider Threat',
'data_breach': {'data_exfiltration': 'Unauthorized transfer to an external '
'server',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Confidential commercial '
'documents',
'Financial documents']},
'description': 'The NSW Government declared a significant cyber incident '
'after internal security monitoring detected the unauthorized '
'transfer of a large volume of confidential commercial and '
'financial documents to an external server. The files, '
'spanning multiple government departments and projects, were '
'allegedly accessed by a NSW Treasury staff member.',
'impact': {'data_compromised': 'Confidential commercial and financial '
'documents',
'downtime': 'No disruption to government services reported'},
'investigation_status': 'Ongoing (Strike Force Civic)',
'references': [{'source': 'NSW Government Statement'}],
'regulatory_compliance': {'legal_actions': 'Criminal charges filed'},
'response': {'containment_measures': 'All allegedly stolen data has been '
'located and secured',
'incident_response_plan_activated': 'Whole-of-agency response '
'under the state’s '
'cybersecurity plan',
'law_enforcement_notified': 'Yes'},
'threat_actor': 'NSW Treasury staff member',
'title': 'NSW Government Data Breach Involving Treasury Documents',
'type': 'Data Breach'}