Rachel Reeves fiscal outlook accessed thousands of times

Early access to the Office for Budget Responsibility’s economic forecasts on budget day last year was far more extensive than initially believed. A report from the National Cyber Security Centre has revealed that Rachel Reeves’ fiscal outlook was downloaded at least 24,701 times prior to its official announcement.

This figure surpassed the 43 downloads recorded by the Office for Budget Responsibility in its own initial investigation. The economic and fiscal outlook, which spans around 200 pages, included market-sensitive economic forecasts and policy costings related to the government’s fiscal rules. The document was released approximately one hour before the Chancellor delivered the budget to the House of Commons on November 26.

The leak caused significant volatility in financial markets, culminating in the resignation of Richard Hughes, the chairman of the OBR. The NCSC’s inquiry, which was commissioned by the Treasury, found that there were 16 successful accesses of the OBR’s spring statement documents in March, a stark increase compared to a single recorded access in the initial investigation.

All accesses in both cases originated from the same internet service provider. Notably, a messaging app was used to distribute the ‘open’ link to the economic and fiscal outlook. Despite their best efforts, the NCSC concluded that it was not feasible to identify those behind the IP addresses, although it was previously noted that the news agency Reuters had accessed the document.

According to the NCSC’s findings, the more widespread access on budget day was attributable to technical misconfigurations in the OBR’s web publication process. The report indicates that early access was facilitated by content released prematurely in the media.

Due to these damaging leaks, the NCSC issued two recommendations that were accepted by the OBR. Future spring statements will be published by the Treasury on behalf of the OBR, leading to a permanent transition to using the government’s web platform for releasing market-sensitive publications.

The cabinet secretary has also initiated a review of how sensitive information is published across government departments. Criticism had mounted prior to the budget due to an unprecedented series of leaks regarding potential policy changes and a number of notable reversals in previous positions.

The report underscored that the Treasury would tighten its internal budget information security, implementing more restrictive IT controls. As a result, fewer officials will have access to sensitive information, and the sharing of such details will be significantly restricted. The OBR is expected to mirror these changes where applicable, taking additional steps to enhance information security for its broader forecasting objectives.