False alarm for New Zealand budget leak


Alarm at what was thought to be a leak of the New Zealand budget, was actually caused by hackers using the search engine on the Treasury’s web page. 

Earlier this week, the opposition National party in New Zealand said that certain pages of a much-anticipated wellbeing budget had been leaked online, in contravention of the embargo date set.

The Treasury’s secretary, Gabriel Makhlouf, announced that hackers were behind the leak, citing more than 2,000 login attempts on the Treasury’s computer systems over a two-day period.

On the grounds that the IT infrastructure was under deliberate and sustained attack from fraudsters, authorities were notified and an official probe began into the case.

The investigation came to an end yesterday, when police discovered that the “leak” was actually a perfectly legal use of the Treasury website’s search engine. The matter was brought to a close, leaving officials in the Labour coalition government rather red faced.

In a statement, the Treasury said:

“The police have advised the Treasury that, on the available information, an unknown person or persons appear to have exploited a feature in the website search tool but that this does not appear to be unlawful.”

Calls have been made for the resignation of finance minister, Grant Robertson and treasury secretary, Gabriel Makhlouf, who continue to believe that the documentation was sourced through “deliberate, exhaustive and sustained attempts to gain unauthorized access to embargoed data.”

The ease with which users are able to access documents through the search engine in question was demonstrated to reporters at a recent news conference.

The opposition National Party leader, Simon Bridges, said:

“What we’ve seen this week is unprecedented and the most contemptible behaviour I’ve seen by a government.

In a short statement, Grant Robertson said:

“I’m very disappointed that confidential budget information was able to be accessed in this way.”

“I am also very disappointed that the Treasury did not seek to find more information as to how this happened before referring the matter to the police.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.