Experts have reacted with disbelief after it was revealed that Rachel Reeves’s Budget was accessed almost 25,000 times before its official publication due to an Office for Budget Responsibility leak.
An investigation by the National Cyber Security Centre (NCSC) showed official forecasts by the OBR were downloaded on “at least” 24,701 occasions in the hour before Ms Reeves delivered her 26th November Budget.
This was much higher than the 43 occasions reported in an initial review.
A detailed report by the NCSC revealed that the first full download of the OBR’s forecasts occurred just after 11.35am on the morning of the Budget, almost an hour before Ms Reeves stood up to deliver it. It came after more than 500 unsuccessful attempts.
Britain’s cyber security unit said the file was then downloaded tens of thousands of times as links to the report quickly spread on social media.
It said that within half an hour there had been 20,547 successful downloads from more than 10,000 “unique IP addresses”.
The investigation also found that Ms Reeves’s Spring Statement last March was accessed 16 times before the Chancellor’s speech, not once as previously thought.
Richard Hughes was forced to resign as OBR chairman over the damaging leak, which the organisation described as the worst failure in its 15-year history.
The early publication confirmed a number of measures before the Chancellor announced them, including a new tax on middle-class homes and an extended stealth raid on incomes, throwing her Budget into chaos just minutes before she delivered her Budget speech.
Kenny MacAulay, CEO of accounting software platform Acting Office, said: “It beggars belief that market sensitive data can fall into the hands of tens of thousands of people due to sloppy document management in advance of such an important speech.
“Basic compliance requirements should be in place to prevent data leakage like this from happening, with the process around uploading of major reports thoroughly reviewed so confidential information remains under lock and key until the correct time.”
Security expert Graeme Stewart, head of public sector at Check Point, added: “The calamitous security breach underlines the very real risks associated with the leakage of sensitive economic data.
“With tens of thousands of people able to access the entire economic forecast in advance of the Chancellor’s speech, the opportunity for hackers and fraudsters to play the markets is immense.
“There are no credible excuses for such incidents to occur, and the government needs to initiate a complete rethink of its publication strategy.”
Mr Hughes’s resignation also followed weeks of tensions between the Treasury and the fiscal watchdog after the OBR’s decision to downgrade its assessment of long term UK growth.
Ms Reeves was later accused of misleading people over the state of the public finances after government briefings suggested the outlook for the economy was worse than later revealed.
The Treasury said it was taking several steps to improve the security and integrity of forecasts going forward.
Future OBR documents will now be published on the Government’s official website.