A new investigation into the major leak of last November’s Budget has revealed the document was viewed online almost 25,000 times before the Chancellor’s official statement to Parliament, as described by GB News.
Scale of the Breach
A forensic report by the National Cyber Security Centre (NCSC) found the leaked material was accessed a minimum of 24,701 times in the hour before Chancellor Rachel Reeves delivered her address. This figure vastly exceeds an original assessment, which suggested only 43 people had seen the prematurely published document.
The investigation traced the incident to the Office for Budget Responsibility’s (OBR) economic forecasts, which appeared online thirty minutes ahead of the formal announcement on November 26.
The NCSC examination determined that the first complete download of the forecasts occurred shortly after 11.35 am that morning. This success followed more than 500 prior failed attempts to access the file. Once live, links to the document spread rapidly, with the file successfully retrieved 20,547 times within just thirty minutes. These downloads originated from in excess of 10,000 distinct IP addresses.
Reaction and Resignation
The incident triggered a political storm. In reaction, Chancellor Rachel Reeves described herself as being at the “higher end of the angry scale.”
The OBR issued an apology at the time, attributing the leak to a “technical error” and pledging to share its investigation findings with the Treasury to prevent a recurrence. Fewer than a week after the incident, OBR chairman Richard Hughes announced his departure.
Announcing his resignation, Mr Hughes stated: “The inadvertent early dissemination of our Economic and fiscal outlook on November 26 was a technical but serious error.” He expressed conviction that the organisation, known for fifteen years of rigorous independent analysis, could swiftly rebuild its reputation, and said he needed to help the body he had “loved leading for the past five years” move beyond this “regrettable incident”.
In response to his resignation, Ms Reeves thanked him for his public service and five years heading the OBR, reaffirming the Government’s commitment to protecting the watchdog’s independence.
Security Recommendations
The NCSC report set out several recommendations to safeguard future Budgets from similar breaches. Investigators called for a review of how sensitive fiscal information is compartmentalised, with particular attention to the need-to-know principle.
The report proposed introducing standardised security induction briefings for all government personnel handling confidential Budget material. It also urged the Treasury to explore enhanced methods for sharing information securely between departments, including greater reliance on technical controls such as system-enforced access restrictions for the most sensitive measures.
Additionally, the report stated that staff were to be reminded of their duty under the relevant code to report any approaches from journalists to the communications director.
