London, November 28, 2025
The Office for Budget Responsibility (OBR) faced a premature leak of its November budget analysis report on its website due to a URL manipulation vulnerability, prompting an immediate cybersecurity investigation and causing disruptions in financial markets. The incident occurred days before the official budget release, exposing sensitive government fiscal plans.
Details of the Leak
Users discovered they could access the confidential November budget report by altering the URL of a previously published March report on the OBR website. This flaw allowed unauthorized early access to the PDF document containing detailed fiscal data, including a planned three-year freeze on income tax rates.
Official Response and Investigation
OBR chairman Richard Hughes expressed being “personally mortified” by the security lapse. He issued an apology to Rachel Reeves, the shadow chancellor, and announced that a full investigation led by a cybersecurity expert is underway. The findings from this inquiry will be reported to Members of Parliament to ensure accountability and transparency.
Market Impact and Sensitive Information
The premature exposure of the budget analysis unsettled UK bond and currency markets, which reacted to the early revelation of key policy measures prior to the chancellor’s formal statement. The disclosure undermined the careful timing and coordination typically required for treasury communications, highlighting the sensitivities of handling fiscal data.
Context of UK Cybersecurity and Government Data Protection
This breach coincides with the recent enactment of the UK government’s cybersecurity bill, which seeks to strengthen protections for critical national infrastructure, including public economic institutions. The incident underscores the urgency of bolstering digital defenses around government platforms that manage sensitive financial information.
Securing such digital assets is crucial not only to preserve market confidence but also to safeguard the integrity of public policy processes. The OBR leak serves as a stark reminder of emerging cyber threats targeting essential public services amid an evolving security landscape.
Given these circumstances, the OBR’s forthcoming investigation will be closely monitored by policymakers and cybersecurity experts alike, as the UK government aims to restore trust and reinforce its commitment to robust cybersecurity governance in the public financial sector.