Connect with us

Hi, what are you looking for?


Application Security

New Zealand Says Budget Leak Was Bungled, Not Hacked

A security breach that led to the premature release of New Zealand’s budget resulted from an online bungle, not a sophisticated cyberattack as originally claimed, red-faced officials admitted Thursday.

A security breach that led to the premature release of New Zealand’s budget resulted from an online bungle, not a sophisticated cyberattack as originally claimed, red-faced officials admitted Thursday.

The Treasury department called in police this week after the opposition National Party released parts of the government’s annual budget, which was not due for release until Thursday.

At the time, Treasury Secretary Gabriel Makhlouf said his department had fallen victim to a “systematic” and “deliberate” hack, rejecting “absolutely” any suggestion the information had been accidentally posted online.

He was forced into an embarrassing backdown Thursday after police found no evidence that illegal activity was behind the leak.

“On the available information, an unknown person or persons appear to have exploited a feature in the website search tool but… this does not appear to be unlawful,” Makhlouf said in a statement.

He said Treasury prepared a “clone” website ahead of the Budget’s release but did not realise that entering specific search terms on it revealed embargoed information.

Budget documents are a closely guarded secret and Makhlouf said an inquiry would be held to ensure such a breach was not repeated.

Advertisement. Scroll to continue reading.

This year’s document is the centre-left government’s inaugural “well-being” budget, which it says is a world-first attempt to change the way economic progress is measured, putting people ahead of growth.

National leader Simon Bridges called for Makhlouf’s resignation, saying the Treasury boss knew about the bungle days ago because his department fixed the website bug before police were called in.

He accused Makhlouf of sitting on the information and instead going public with an accusation that implied National had carried out an illegal hack.

“Clearly his position is not tenable,” Bridges told reporters.

Finance Minister Grant Robertson, the minister responsible for the budget, declined to publicly back Makhlouf, who is due to leave his position next month and become governor of the Central Bank of Ireland.

“I am… very disappointed that the Treasury did not seek to find more information as to how this happened before referring the matter to the police,” he said in a statement.

He refused to address the matter further in the budget media lock-up at parliament, which Makhlouf did not attend, contrary to normal practice.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.