"Earlier this week, the OBR's November 2025 Economic and Fiscal Outlook (EFO) was quietly uploaded to a publicly accessible server in advance of publication. While it wasn't actually linked or listed on the OBR website, reporters quickly discovered the file simply by guessing its URL, which was so similar to that of a previous official document that the only real cyber skill required was remembering how months work."
"The budget watchdog has launched an investigation [PDF] into the blunder, to be published by December 1, that will be overseen by the OBR's Oversight Board, and guided by Martin as expert advisor, alongside Treasury IT and security specialists. Martin, who founded the NCSC before stepping down in 2020, is now a cybersecurity advisor across public and private sectors - though he probably never imagined being summoned for what feels like the IT equivalent of mislabeling a sandwich in the office fridge."
An OBR November 2025 Economic and Fiscal Outlook (EFO) file was uploaded to a publicly accessible server before its scheduled publication. The file was not linked or listed on the OBR website but was discovered when reporters guessed a URL similar to a previous document. The file was accessible 45 minutes before the Chancellor's Commons statement, exposing Budget headline policies early. OBR chair Richard Hughes apologized and called the incident a serious error. An investigation will be overseen by the OBR Oversight Board and guided by cybersecurity expert Ciaran Martin to determine how early access occurred and what actions are needed to prevent future breaches.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]