A scathing report into how National got its hands on Budget information prematurely last year has placed the blame for the blunder on Treasury's top brass.

A State Services Commission (SSC) report to the saga, released this morning, has concluded that "governance and oversight at the Treasury's executive-level fell short".

It also said the risk management process around last year's Budget was not good enough and that concerns around security risks were not escalated.

Budget 'leak': Treasury says it was 'deliberately and systematically' hacked
Budget 2019: The Treasury to investigate 'potential' leak of details to National Party
Budget leak: Simon Bridges wants heads to roll over Treasury hack 'lies'
Budget 2019: 2000 hack attempts on Treasury website, National denies wrongdoing


The Commission's investigation has also relieved that the same security flaws which lead to blunder also existed in 2018.

"This should not have happened," State Services Commissioner Peter Hughes said.
"Somethings are so critical that they can never be allowed to fail. Security of the Budget is one of these."

The State Services Commission acts as the watch-dog of all public sector agencies.

Last year, just weeks before the 2019 Budget, National released information it said the party had obtained from the Budget ahead of its release.

At first, the Treasury said it had been "hacked" and referred the matter to the Police to investigate.

But, as National later revealed, the information had been obtained through a simple search function on the Treasury's website.

The SSC launched an investigation, which had to be started again after one of the investigators failed to disclose a conflict of interest in November.

This morning, the Commission concluded that Treasury's failure to keep Budget sensitive information secure was "not acceptable".


Although Hughes said Treasury has an excellent reputation when it comes to fiscal and economic policy with good people doing their best, "sometimes doing your best is not enough".

"Some things you just need to get right. Each and every time. For these you need to check, check and check again."

That didn't happen with security around Budget 2019, he said and added that he was disappointed that Treasury's senior leadership was not "hands-on" enough with the task.

A "series of technical decisions" led to the flaw in Treasury's systems which allowed the information to be searchable ahead of time, the report said.

The Treasury Secretary at the time of the blunder, Gabriel Makhlouf, has since left the Treasury and is not Ireland's Reserve Bank Governor.

Makhlouf was not mentioned by name in the report, but a separate investigation into Makhlouf's leadership in the saga midway through last year found his actions were not reasonable and he should have taken more personal responsibility.

Makhlouf has always maintained his innocence.

Hughes said that he is confident the new Treasury Secretary, Caralee McLiesh, has made the necessary changes to ensure the blunder never happens again.

This includes the appointment of an executive to personally overseas Budget security matters, as well as new security and testing policies.

McLiesh said the Treasury accepts all the report's findings.

"The Budget is a core priority of the Treasury and what happened should never happen again," she said.