Government consulting fees of 400 consultancies leaked by breach

A massive confidentiality breach has rattled the Australian consulting sector, but this time it was the government itself passing on the sensitive commercial information on billing-rates among rival firms. 

The Australian government has responded to an embarrassing leak of the billing rates of more than 400 consultancies including members of the Big Four and MBB (McKinsey, Boston Consulting Group and Bain & Company) by saying it will keep an eye on the recipient firms to ensure they don’t take advantage of the information breach.

According to reports, almost two dozen consultancies were made privy to the data, which was mistakenly forwarded by the Department of Health and Aged Care.

Known as the ‘MAS Supplier Matrix’, the highly confidential details concerning quotes to the federal government were received in early November by 22 consultancies in total – including at least one of the Big Four according to sources of the AFR – with three of the Big Four among the 413 firms to have had their sensitive commercial information revealed to potential rivals, offering a distinct market advantage in terms of bidding for government contracts and beyond.

Together with law firms Minter Ellison and Clayton Utz, other big consultancies known to have had their billing data leaked include Accenture, McKinsey & Company and BCG, the country’s biggest advisory contractors to the federal government alongside the Big Four of KPMG, EY, Deloitte and PwC, the latter prior to its own government confidentiality breach which led to the $1 sale of its public sector business. Its successor Scyne Advisory was also on the list.

While finance minister Katy Gallagher has refused to reveal exactly which firms had received the documents, she told the Senate that the department would now carry out ‘spot-checks’ of its informal tender replies for at least the next twelve months in response, pointing to the potential sanctions such as suspension or termination from its MAS – or Management Advisory Services panel – already in place should a provider be caught exploiting the slip-up for commercial gain.

The department had also issued a ‘deed of confidentiality’ update for the 22 recipient firms and statutory declarations to be signed by all of their personnel who had access to the data, but not all of the consultancies were quick to respond. In an awkward shoe-on-the-other-foot parallel to the PwC affair, Gallagher also noted that only twelve of the firms had downloaded the original documents in the first place, with the bulk of those claiming they hadn’t actually read them prior to deletion.

However, angered consultants from the affected firms were dubious about the likelihood of their rivals acting in good faith and scathing of the government’s response, with one asserting to the AFR that those organisations would ‘forevermore’ know the price-point to be competitive, and another stating; “While Canberra mandarins may not have ever run a business themselves, the reality is that this information is the lifeblood of the private sector.”

Meanwhile, other that some tightening of procedures and a refresher course on uploading documents – again reminiscent of PwC’s the initial slap on the wrist – the department responsible for the cock-up doesn’t appear to be facing any further consequences, opening the door to those of a conspiracy bent. Gallagher, who is leading the charge to reduce the government’s consulting bill by $3 billion, said the annual MAS process would also now be brought forward, with applicants of course having the option to reduce their prices.