A public servant within the largest Treasury department in Australia has been arrested after the alleged theft of a huge trove of confidential data.
The 45-year-old employee, who has been with NSW Treasury's commercial team for three years, is accused of illegally transferring some 5600 files onto an external server.
They contained confidential commercial and financial information about various government departments and projects including current and previous government negotiations.
The "large cache of documents" were purportedly transferred between April 10-14, with cybercrime squad detectives alerted on Sunday before the man's arrest on Monday, NSW Treasurer Daniel Mookhey said.
"It is serious and it has been taken seriously. That's the reason why it was declared to be a significant cyber incident," he told reporters on Tuesday.
"Everyone knows cyber risks are going up ... that's affecting government, that's affecting business, that's affecting the non-for-profit sector, it's affecting everyone - it's affecting people."
The employee who worked in the commercial team was involved in significant government negotiations with the private sector and in procurement, the treasurer said.
The alleged stolen data had been secured and there was no external compromise to the agency's system, police said.
The man was arrested late on Monday and charged with accessing restricted data.
Detectives seized electronic devices including a hard drive.
He was granted conditional bail and will face court on June 3.
Other NSW government agencies have been hit with data breaches in the past year including the hacking of some 9000 files from online court-filing system JusticeLink using an automated account in March 2025.
The personal data of up to 3000 flood victims were also uploaded to ChatGPT by a former contractor of the NSW Reconstruction Authority in October 2025.
