Treasury claims hacking attempts preceded Budget leak

Treasury claims hacking attempts preceded Budget leak

Budget leak followed hacking attempts that reportedly started on Sunday night

Gabriel Makhlouf (Treasury)

Gabriel Makhlouf (Treasury)

Credit: Supplied

New Zealand's Treasury is claiming it was the target of a hacking attack ahead of the leak of confidential budget details on Monday.

Gabreil Makhlouf, Treasury secretary and CEO, said the Treasury has "gathered sufficient evidence to indicate that its systems have been deliberately and systematically hacked."

The Treasury has referred the matter to the Police on the advice of the National Cyber Security Centre.

Media reports this morning indicate more than 2,000 attempts were made to hack Treasury's website starting on Sunday night.

"The Treasury takes the security of all the information it holds extremely seriously," Makhlouf said. 

"It has taken immediate steps today to increase the security of all Budget-related information and will be undertaking a full review of information security processes.

"There is no evidence that any personal information held by the Treasury has been subject to this hacking."

National leader Simon Bridges released details of the Budget that were supposed to remain confidential until Thursday, however, he says National has not done anything improper.

It is not known whether the alleged hacking attempt was successful or what it achieved or was trying to achieve.

Some online commentators are asking whether Treasury actually posted Budget details on its website at a guessable URL. Treasury, however, is reportedly denying they were ever uploaded to a publicly available website.

Comments from Makhlouf to Radio NZ also suggest there was no inadvertent posting.

"It wasn't an instance of someone stumbling into the room accidentally; it wasn't an instance of someone attacking the bolt and finding that it broke immediately," he said. 

"It wasn't someone who tried not once, not twice but in fact over 2000 times to attack that bolt."

Cyber security company Darkscope, however, is disputing the hacking claim.

Darkscope’s scan of cyber-attack activity in the New Zealand government sector showed that government agencies are always under attack by mainly foreign attackers, the company said. 

An attack rate of 1000 attempts in a day was at the very light end of the spectrum.

“A more likely scenario is that someone used a spider or crawler program to find ‘hidden’ content in the Treasury website, which is not considered a cyber-attack, and may have found the Budget 2019 files which were not protected properly at that stage.” said Joerg Buss, Darkscope’s technical director.

It was Darkscope's conclusion that Treasury was not hacked, but it that it was possible that the information "leaked" from the web page because of a human error.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackinghackTreasury


EDGE 2024

Register your interest now for EDGE 2024!



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments