Menu
Treasury error exposed Budget data to searches

Treasury error exposed Budget data to searches

Headline budget data was able to be found in web searches

Gabriel Makhlouf (Treasury)

Gabriel Makhlouf (Treasury)

Details of Budget documents posted by Treasury were able to be exposed through web searches, the agency has confessed.

Police have now called off their hacking investigation and a new enquiry has been been launched into the Treasury IT error by the State Services Commission.

Someone with a IP address from Parliament, Vocus and 2degrees used multiple simple search queries to extract some headline information from the Budget, Treasury said this morning.

That led to accusations of hacking late on Tuesday and to the Police being called in.

Treasury Secretary Gabriel Makhlouf said in his view, there were deliberate, exhaustive and sustained attempts to gain unauthorised access to the embargoed data. 

"Our systems were clearly susceptible to such unacceptable behaviour, in breach of the long-standing convention around Budget confidentiality, and we will undertake a review to make them more robust," Makhlouf said.

Treasury had developed a clone of its website to which Budget information was added when each document was finalised.

The agency intended to swap the clone website to the live website on Budget day so that the information was available online.

The clone website was not publicly accessible, but as part of the search function on the website, content was indexed to make the search faster. 

Search results could be presented with the text in the document that surrounds the search phrase.

The clone copied all settings for the website including where the index resides. The index on the live site therefore also contained entries for content on the clone site.

Specifically-worded searches would find small amounts of content from the 2019/20 Estimates documents.

Approximately 2,000 search terms were were to find information in the Budget, but no documents were accessible outside of Treasury's network.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmenthackbudgetTreasurysecurity

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments