Treasury official charged over alleged data breach involving thousands of government documents

A NSW Treasury official has been charged by cybercrime detectives over an alleged data breach involving thousands of commercially sensitive government documents spanning the “whole of government”.

NSW Police on Monday arrested and charged 45-year-old Jagan Ganti Venkata Satya with accessing or modifying restricted data after receiving reports that more than 5600 sensitive documents had allegedly been accessed and downloaded by a staff member.

NSW Treasurer Daniel Mookhey said the government had declared a significant cyber incident after internal monitoring detected a suspected transfer to an external server of a substantial number of documents containing confidential commercial and financial information.

“It is serious information. It is commercial in confidence; information that involves current government negotiations, previous government negotiations and interactions … that’s the reasons why it was declared to be a significant cyber incident,” he said on Tuesday afternoon.

“An incident like this requires us to re-examine every system that applies to the NSW Treasury, and that is something I’m very clearly determined to do, and I’m very clearly determined to ensure that people can have confidence when they deal with us.”

Ganti, when contacted by the Herald, said: “I haven’t done anything corrupt or wrong or sold anything, anything like that”. He said he had fully co-operated with authorities.

The bureaucrat had worked in Treasury’s commercial team for three years. It dealt with significant government transactions and negotiations with the private sector, Mookhey said. The government was still working through whether third-party information was involved in the alleged breach.

At this stage, there was no evidence to suggest the data had been transmitted beyond the person’s external server, nor that foreign actors were involved in the alleged theft, the Treasurer said.

The data was allegedly transferred between April 10 to 14 and covered multiple government departments and projects, a government source not authorised to speak publicly confirmed. The alleged breach was detected three days after the final transfer.

“They span the whole of government. We are effectively notifying all agencies and all departments; that is part of what’s required as part of our cybersecurity protocols,” Mookhey said.

Ganti worked in Treasury’s major projects division, according to an online profile. The division provides commercial and financial advice on major infrastructure, energy transition and capital projects. It also partners with the private sector on major projects.

In a statement, police said that detectives attached to the state’s cybercrime squad began an investigation and arrested the man on Monday afternoon. They executed a search warrant at a home in Homebush West and seized electronic devices including a hard drive.

The bureaucrat was granted conditional bail and is due to face Downing Centre Local Court on Wednesday, June 3.

“While the police are continuing their investigation, they believe all the alleged stolen data has been located, is now secure, and there was no external compromise to the agency’s system,” the government said in a statement.

The transfer represents another alleged major data breach for the NSW government. The Herald has previously reported three incidents at the Department of Education, including the leaking of students’ adaptive behavioural testing and parents’ personal information.

Start the day with a summary of the day’s most important and interesting stories, analysis and insights. Sign up for our Morning Edition newsletter.