A scathing report into how National got its hands on sensitive Budget information prematurely has placed the blame for the blunder on Treasury's top brass.
A State Services Commission (SSC) report in to the saga, released this morning, has concluded that "governance and oversight at the Treasury's executive-level fell short".
The risk-management process around last year's Budget was not good enough and concerns around security risks were not escalated, it says.
• Budget 'leak': Treasury says it was 'deliberately and systematically' hacked
• Budget 2019: The Treasury to investigate 'potential' leak of details to National Party
• Budget leak: Simon Bridges wants heads to roll over Treasury hack 'lies'
• Budget 2019: 2000 hack attempts on Treasury website, National denies wrongdoing
The Commission's investigation has also revealed that the same security flaws that led to the blunder also existed in 2018.
Treasury Secretary, Caralee McLiesh has promised the blunder would never happen again but National says today's report shows Finance Minister Grant Robertson failed to keep Budget sensitive information secure.
Speaking at press conference this morning, State Services Commissioner Peter Hughes said: "This should not have happened,"
"Some things are so critical that they can never be allowed to fail. Security of the Budget is one of these."
The State Services Commission acts as the watchdog of all public sector agencies.
Last year, just weeks before the 2019 Budget, National released information it said the party had obtained from the Budget ahead of its release.
At first, the Treasury claimed it had been "hacked" and referred the matter to the police to investigate.
But, as National later revealed, the information had been obtained through a simple search function on the Treasury's website.
The SSC launched an investigation, which had to be started again after one of the investigators failed to disclose a conflict of interest in November.
This morning, the commission concluded that Treasury's failure to keep Budget sensitive information secure was "not acceptable".
Although Hughes said Treasury had an excellent reputation when it came to fiscal and economic policy with good people doing their best, "sometimes doing your best is not enough".
"Some things you just need to get right. Each and every time. For these you need to check, check and check again."
That didn't happen with security around Budget 2019, he said and added that he was disappointed that Treasury's senior leadership was not "hands-on" enough with the task.
A "series of technical decisions" led to the flaw in Treasury's systems which allowed the information to be searchable ahead of time, the report said.
The Treasury Secretary at the time of the blunder, Gabriel Makhlouf, has since left the role and is now Ireland's Reserve Bank Governor.
Makhlouf was not mentioned by name in the report, but a separate investigation into Makhlouf's leadership in the saga midway through last year found his actions were not reasonable and he should have taken more personal responsibility.
Makhlouf down-played his own responsibility in the fiasco.
Hughes said that he is confident McLiesh has made the necessary changes to ensure the blunder never happens again.
This includes the appointment of an executive to personally overseas Budget security matters, as well as new security and testing policies.
McLiesh said the Treasury accepts all the report's findings.
"The Budget is a core priority of the Treasury and what happened should never happen again."
National's finance spokesman Paul Goldsmith said Robertson is the Minister in charge of Treasury and, although he's tried to distance himself from the Budget blunder, the buck stops with him.
"This is one of the biggest failures in Treasury's history and it happened under his watch."
He said Robertson should apologise to National for implying the party was involved in illegal activity.