NCSC reveals budget forecasts that have been accessed nearly 25,000 times before publication

Official Budget forecasts were accessed almost 25,000 times before their official release after the Office for Budget Responsibility leak, according to a new investigation by UK cyber security authorities.

A report by the National Cyber ​​Security Center found that documents prepared by the Office of Budget Responsibility were downloaded “at least” 24,701 times in the hour before Rachel Reeves delivered her Budget speech on November 26.

The number is significantly higher than the 43 downloads cited in the first internal review. The NCSC said the first full download of the OBR’s forecasts took place just after 11.35am on Budget day, about an hour before the Chancellor addressed the Commons, following more than 500 failed attempts to access.

According to the report, links to these documents quickly spread on social media, resulting in tens of thousands of downloads. Within 30 minutes, there were 20,547 successful downloads from over 10,000 unique IP addresses.

The investigation also revealed that Ms. Reeves’ Spring Statement last March was accessed 16 times before the speech was delivered, contradicting previous allegations that it had never been accessed before.

The leak prompted Richard Hughes, who resigned as chairman of the OBR after the agency described the incident as the worst failure in its 15-year history.

The early release of the forecasts confirmed a number of Budget measures ahead of the speech, including changes affecting middle-income homeowners and an extension of the shadow tax measures. The revelation is understood to have caused considerable disruption in the final moments before the Chancellor delivered his address.

Kenny MacAulay, chief executive of accounting software company Acting Office, criticized the handling of sensitive information. “The belief that sensitive information in the market could fall into the hands of tens of thousands of people due to careless handling of documents before such an important event,” he said. “Basic compliance requirements should prevent leaks of this nature.”

Graeme Stewart, head of public sector at Check Point, said the breach presented a serious risk. “Since tens of thousands had access to the full economic forecast in advance, the possibility of market manipulation by hackers or fraudsters was great,” he said, calling for a review of publishing procedures.

Mr Hughes’ departure follows weeks of friction between the Treasury and the OBR, after the watchdog lowered its long-term growth outlook for the UK economy. Ms Reeves was later accused by critics of misleading the public about the state of public finances, after government briefings painted a worse picture than the data presented.

The Ministry of Finance said it is taking steps to strengthen security and protect the reputation of economic forecasts. Future OBR documents will now be published exclusively on the government’s official website, in a bid to prevent repeat breaches.