Sensitive information of major service providers sent out in Finance Department bungle
Up to 400 professional service providers - including KPMG, Accenture, Deloitte and Minter Ellison - have had their fees and other sensitive material revealed in an email blunder by the Department of Finance.
Up to 400 of the nation’s biggest service providers – including Australia’s largest professional services firms – have become victims of a damaging Department of Finance bungle after officials shared commercial in-confidence fee rates and personal information.
The accidental release of sensitive contract details across hundreds of competitors emerged in the last 48 hours after Finance department officials last week emailed individual fee schedule updates to service providers, which included an “embedded” spreadsheet.
On Tuesday and Wednesday, frantic Finance department officials contacted 236 service providers, telling them to delete the attached spreadsheet as it contained sensitive information, asking for written confirmation of the deletion and flagging they will need to sign “statutory declarations to ensure third-party confidential information is not disclosed”.
In an extraordinary repeat of the original mistake by the Department of Health in November last year, in which Health officials accidentally leaked the billing rates of around 400 firms to 22 service providers, the updated fee schedule distributed last week was intended to rectify that error.
The updated fees incorporated increases in line with the Wage Price Index for the Management Advisory Services panel.
Documents seen by The Australian show supplier names, service provider names and price scales across different levels for major firms including KPMG, Boston Consulting Group, Accenture, Deloitte, Proximity, Nous Group and Minter Ellison. The document, found in a hidden tab, included contact details such as email addresses and phone numbers of key staff and some chief executives.
The Australian understands that service providers and consulting firms caught-up in the bungle are furious about their fees and other sensitive information being leaked to competitors. Smaller firms are concerned that larger companies could use the information to price them out of work.
Opposition finance spokeswoman Jane Hume said “companies and individuals impacted by this gross incompetence may exercise their rights against the Commonwealth, potentially costing taxpayers millions”.
The Coalition frontbencher said Finance Minister Katy Gallagher must “come clean on how hundreds of businesses have had their privacy and commercial arrangements breached under her watch”.
“It is staggering that the Department of Finance under Minister Gallagher has released information on up to 400 companies, some with personal details of individuals, only months after a similar breach had to be cleaned up,” Senator Hume said.
“When the original breach occurred in November, the Minister tried to brush concerns away with claims that appropriate steps had been taken. Clearly, she was wrong. This isn’t just a one off, this is now a track record of incompetence.
“In the latest breach, it was only days later that the Department of Finance became aware of the fact that they breached privacy and commercial confidentiality arrangements. This will damage the public confidence in government procurement processes and the certainty of any business working with the Commonwealth in the future.”
Senator Hume said “companies impacted need more than an apology from the Department, and clearly no assurance that this problem won’t be repeated will suffice”.
The Victorian Liberal Senator said Senator Gallagher must “explain why she didn’t put more effort into resolving the damage caused by the same breaches of privacy and commercially sensitive information when it happened only three months ago, and to prevent it from happening again”.
“Instead we got bland assurances that it wouldn’t. Now we see that she was still asleep at the wheel. Because of the Minister’s lack of interest in her job, the jobs of others have been put at risk,” she said.
“So much for a Finance Minister who is focussed on the job at hand and reducing the Commonwealth’s legal bill.”
In a note sent to suppliers on Wednesday evening, the Department of Finance confirmed that Secretary Jenny Wilkinson “has initiated an independent review of the matter (and the inadvertent release in November 2023)”.
Recently retired Commonwealth and ACT Ombudsman Michael Manthorpe will conduct the review. Hundreds of suppliers who received the confidential document were told that the Manthorpe Review will “consider the circumstances that led to unauthorised disclosure of the information, as well as the department’s systems and processes”
“On 14-15 February 2024, the Department of Finance, as contract managers for the Management Advisory Services Panel, emailed 236 suppliers with details of their updated pricing,“ the note said.
“The e-mail included embedded information with some third-party confidential information. Please note that no third-party confidential information would have been accessed or viewed by a person who simply opened the e-mail or its attachments.
“Upon becoming aware of this late on 19 February 2024, Finance immediately took a range of steps. Finance called (or attempted to call) all 236 suppliers on 20-21 February 2024 to seek the deletion of the e-mail and attachments (and followed up with an e-mail to seek written confirmation of the deletion).”
The Department said “this will be followed by a requirement for the execution of confidentiality agreements and statutory declarations to ensure the third-party confidential information is not disclosed”.
The consecutive breaches of commercial in-confidence fee schedules by government departments has sparked industry concerns over Katy Gallagher’s plan to set-up an in-house consulting capability. In response to the first breach, Senator Gallagher announced “spot checks” over 12-months to ensure the 22 service providers who inadvertently received fee schedules of their competitors did not misuse the information to secure future contracts.
A Department of Finance statement released at 9.40pm on Wednesday night said “the potential disclosure of this third-party confidential information is regrettable, and Finance apologises for the oversight”.
The Department of Finance on Thursday said it was providing “regular updates” to all Management Advisory Services panel providers impacted by the unauthorised release of sensitive contract and personal details.
As the department scrambled to allay concerns of service providers impacted by the e-mail bungle, Finance officials on Thursday sent “confidentiality deed polls and statutory declarations to all suppliers who received the spreadsheet, seeking their urgent execution”.
In a statement, the department said third-party confidential information embedded in the mistakenly sent spreadsheet attachment “comprised contact details and fee information for providers on the MAS Panel that was current as at November 2023”.
“The fee information that could be identified through manipulation of the spreadsheet is not representative of the current pricing of all providers on the MAS Panel (given that most suppliers have adjusted their fees over the past few months),” the statement said.
“As previously advised, this information would not have been accessed or viewed by a person who simply opened the spreadsheet. The fee information under the MAS Panel is a maximum charging point that suppliers propose, but is commonly reduced in response to individual requests for tender.
“All service providers will be provided a further opportunity to amend pricing in April 2024, as a part of the usual fee adjustment process outlined in the MAS head agreement.”
Senator Gallagher is in Rio de Janeiro acting for Penny Wong at the G20 Foreign Ministers’ meeting.
More Coverage
We’re living through the bad times
The first task of government is to look after the people, but sober good sense seems to have fled the political stage, submerging us under a seeping mist of disorder.
Universal childcare isn’t always the best deal for youngsters
If it turns out centre-based care is harmful for many children, is it appropriate for taxpayers to subsidise ever greater access to it?