The Office for Budget Responsibility (OBR) has announced an internal investigation after accidentally releasing its budget forecasts an hour before Chancellor Rachel Reeves delivered her budget on the 26th.
This error caused a lot of uproar, not only in parliament but also in the markets. Historically, budgets were meant to be heard first in parliament so that viewers, journalists and politicians all had access to the information at the same time. However, this leak was a serious breach of trust, with the media able to access the information over an hour early.
听
A Predicable URL Was The Key
听
The leak happened when journalists were able to access the OBR鈥檚 Economical and Fiscal Outlook (EFO) just by guessing the URL. Yes, you heard that right;听Guessing!
The OBR had used the same URL structure as it had in the past, changing only the date. Because of this, using the same URL as the previous budget, but just changing 鈥楳arch鈥 to 鈥楴ovember鈥, unlocked the full PDF to the media.
The first outlet to report on it was Reuters, who guessed the URL, found and downloaded the full document through the unsecured link. The file revealed important details about Reeve鈥檚 upcoming announcement, nearly 45 minutes before she delivered the budget.
听
The OBR Issued An Apology
听
Not long after, OBR chair Richard Hughes said he was 鈥榤ortified鈥 by the mistake. He recognised and apologised to the Chancellor and the Treasury for making the document so easily accessible. And in a world where cybersecurity is so important, not encrypting or hiding the URL was a huge oversight indeed.
At the end of last week, off the back of this, Hughes announced that the OBR has launched an internal investigation into what happened. He also said that he would resign over this if it came down to it.
听
A Cybersecurity Expert Has Been Drafted In
听
To help drive forward the inquiry, the OBR has brought in Professor Ciaran Martin, former head of the National Cyber Security Centre (NCSC) to support.
Some have questioned the move as there is no evidence of hacking, just an admin mistake, whereas others have said it signals that the OBR is taking the issue seriously.
听
More from News
- From Workouts To Managing Jetlag: The British Tech Scale-Up That Just Hit One Million Users Globally Appoints New CEO
- Hackers Tricked Instagram鈥檚 AI To Leak Your Log In Details 鈥 How Can Users Stay Protected?
- New Research Reveals The UK鈥檚 Top 10 鈥淔uture-Ready鈥 Cities
- New Research Shows How Elections Are Impacting The Job Market 鈥 Here鈥檚 How
- Is London Becoming The World鈥檚 Next AI Capital?
- Google鈥檚 AI Can鈥檛 Even Spell 鈥淕oogle鈥 鈥 So Why Is It Replacing Search?
- Will AI Labels Actually Save YouTube From AI Slop?
- The Rise Of 鈥淣ew Brand鈥 Cybercrime Groups And The Business Of Ransomware
听
What Did The Leak Show?
听
The OBR鈥檚 Economic and Fiscal Outlook (EFO) revealed sensitive details about the upcoming budget that were not meant to be seen until Reeves finished her parliamentary address.
The leak revealed some pretty big announcements, including the freeze of income tax thresholds until 2030, slower growth projections, a new tax on EVs, the scrapping of the two-child benefit cap and the new 鈥榤ansion tax鈥.
Because of the leak, MPs and members of the public learned about these key decisions before Reeves announced them.
听
The Markets Reacted
听
Unsurprisingly, after the leak, the markets were quick to react. This created some volatility in UK bond and currency markets, showing the importance of keeping the information confidential before it is announced.
听
A Lesson In Security For Every Business
听
Sometimes, the biggest data leaks don鈥檛 come from hackers, but from human error.
The frustrating thing is that this is easily avoided, but also easily done. It鈥檚 a sign that sometimes the most important online training is just covering the basics, with clear ideas around how sensitive documents should be handled.
听
What Next For The OBR?
听
The findings of the investigation are due to come out today, alongside recommendations to ensure that what has happened will never happen again.
And whilst it might sound like the answer to that is simple 鈥 change the URL! 鈥 it does represent wider gaps in online knowledge and digital literacy.
As for the OBR鈥檚 chair 鈥 the report will undoubtedly decide whether the mistake sits on his shoulders. We will wait and see what it says.
