A scathing investigation has revealed that the premature release of last week's Autumn Budget details was not an isolated incident, marking what has been described as "the worst failure in the 15-year history" of the Office for Budget Responsibility (OBR).
Systemic Failure Uncovered
The watchdog's report, published on Monday 1 December 2025, concluded that the weaknesses which allowed the November 2025 Economic and Fiscal Outlook (EFO) to be uploaded to its website almost an hour before Chancellor Rachel Reeves began her speech were pre-existing. Crucially, the investigation found logs indicating that the March 2025 forecast was also accessed prematurely.
Specifically, the March document's IP address was accessed just five minutes after the then-Chancellor started speaking to Parliament and nearly thirty minutes before its official publication time. However, the report noted there was no evidence of any activity being undertaken as a result of that earlier access.
Government Demands Urgent Action
In a ministerial statement to the House of Commons, Chief Secretary to the Treasury James Murray said the government was "very concerned" by the findings. He labelled the early release a "fundamental breach" of the OBR's responsibility and a discourtesy to Parliament.
Mr Murray revealed a particularly alarming detail from the report: on the morning of the Budget, the first IP address to successfully access the EFO had made 32 prior attempts starting at around 5am. He stated this persistence suggested the user may have had prior success at a previous fiscal event, prompting the need for a wider probe.
The Treasury minister confirmed the government would work with the National Cyber Security Centre (NCSC) to conduct a "deeper forensic investigation" into previous OBR disclosures. The Treasury will also contact previous chancellors to inform them of these developments.
Leadership Under Fire but Retains Support
The damning report placed "ultimate responsibility" squarely on the leadership of the OBR, raising significant questions for its chair, Richard Hughes. The OBR itself conceded that its leadership must take "immediate steps to change completely" how it publishes its sensitive twice-yearly reports.
Despite the severe criticism, Chancellor Rachel Reeves has maintained her support for Mr Hughes. She stated she continues to have "a huge amount of respect" for both him and the organisation he leads.
The OBR's investigation found that common and basic security protections, such as passwords and randomised URLs, had not been used to prevent early access. The government has pledged to address these systemic risks urgently to ensure such a breach never happens again.
