The Office for Budget Responsibility (OBR), the UK’s independent fiscal watchdog, suffered a critical data breach when its full fiscal forecast and key budget measures were prematurely published online 30 minutes before Treasury Chief Rachel Reeves’ official announcement in the House of Commons. The leak, attributed to a ‘technical error’, exposed sensitive economic projections, tax policies, and financial strategies meant to remain confidential until the formal budget release. The incident occurred amid political turmoil, undermining public trust in the government’s ability to manage confidential information.The OBR acknowledged the serious error, pledging investigations and reports to relevant authorities, including the Treasury. The leak disrupted market expectations, risked insider trading or speculative financial moves, and embarrassed the Labour government, which was already grappling with internal dissent, broken election pledges, and economic instability. While no direct financial theft or ransomware was involved, the unauthorized disclosure of high-stakes economic data critical to national fiscal policy threatened financial market stability and eroded institutional credibility, with opposition parties demanding resignations over the governance failure.
Office for Budget Responsibility cybersecurity rating report: https://www.rankiteo.com/company/office-for-budget-responsibility
"id": "OFF4794147112625",
"linkid": "office-for-budget-responsibility",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'UK public, financial markets, '
'political stakeholders',
'industry': 'Public Administration',
'location': 'London, United Kingdom',
'name': 'HM Treasury (UK Government)',
'type': 'Government Department'},
{'industry': 'Public Sector/Economics',
'location': 'London, United Kingdom',
'name': 'Office for Budget Responsibility (OBR)',
'type': 'Independent Fiscal Watchdog'}],
'data_breach': {'data_exfiltration': 'No (data published prematurely on OBR '
'website, not stolen)',
'file_types_exposed': ['PDF (likely), HTML/web content'],
'sensitivity_of_data': 'High (national economic strategy; '
'market-sensitive information)',
'type_of_data_compromised': ['Economic policy documents',
'Taxation plans',
'Fiscal forecasts',
'Welfare reforms']},
'date_detected': '2024-11-06',
'date_publicly_disclosed': '2024-11-06',
'description': "The UK government's 2024 budget details, including a £26 "
'billion tax-raising plan, were leaked online by the Office '
'for Budget Responsibility (OBR) 30 minutes before Treasury '
"chief Rachel Reeves' official announcement in the House of "
'Commons. The OBR attributed the premature disclosure to a '
"'technical error,' calling it a 'serious mistake.' The leak "
'occurred amid political turmoil, including broken election '
'promises, economic struggles, and leadership challenges '
'within the Labour Party.',
'impact': {'brand_reputation_impact': 'High (government credibility '
'undermined; opposition parties '
"criticized Labour's competence; media "
"coverage framed as 'chaos')",
'data_compromised': ['Budget fiscal forecasts',
'Tax policy details (e.g., income tax '
'threshold freezes, mansion tax, capital '
'gains tax changes)',
'Welfare policy changes (e.g., child benefit '
'restrictions lifted)',
'Economic growth projections',
'Public finance buffers (£22 billion)'],
'operational_impact': 'Disrupted controlled budget announcement; '
'political fallout including calls for '
'resignation of Treasury chief Rachel Reeves',
'systems_affected': ['Office for Budget Responsibility (OBR) '
'website']},
'investigation_status': 'Ongoing (OBR internal review announced)',
'motivation': 'Accidental (no malicious intent confirmed)',
'post_incident_analysis': {'root_causes': ["Technical error in OBR's content "
'publication system']},
'references': [{'date_accessed': '2024-11-06',
'source': 'Associated Press (AP)'}],
'regulatory_compliance': {'regulatory_notifications': ['OBR committed to '
'reporting to Treasury '
'and other '
'authorities']},
'response': {'communication_strategy': ['Rachel Reeves labeled the leak '
"'deeply disappointing and a serious "
"error' in Parliament",
'OBR issued a public statement '
"attributing the leak to a 'technical "
"error'"],
'containment_measures': ['OBR removed prematurely published '
'content; issued public apology'],
'incident_response_plan_activated': 'Yes (OBR acknowledged error '
'and committed to reporting '
'to authorities)',
'remediation_measures': ['OBR pledged internal review; report to '
'Treasury and relevant authorities']},
'stakeholder_advisories': ["Rachel Reeves' statement in House of Commons; OBR "
'public apology'],
'title': 'UK Government Budget Leak Incident (2024)',
'type': 'Data Leak / Unauthorized Disclosure',
'vulnerability_exploited': 'Technical error (premature website publication)'}