Cops say NZ Treasury site wasn't actually hacked after Budget leaked

By on
Cops say NZ Treasury site wasn't actually hacked after Budget leaked

Repeated searches of staging site spilled sensitive budget information.

An investigation by the New Zealand police into the leak of sensitive information ahead of Budget Day today has scotched claims the Treasury website was hacked.

Opposition National Party which published some Budget 2019 information early had been alleged by the government to have either hacked the site, or received hacked material.

National Party leader Simon Bridges hit back at the hacking claims, saying they were lies and attacked the government for being "bungling" and "incompetent" because of the premature release of sensitive budget information.

Screenshots have been posted on social media by users finding leaked Budget 2019 information cached by Google, suggesting the material had been prematurely published and the site indexed by search engines.

The hacking claims were repeated by Treasury Secretary Gabriel Makhlouf but police now say the leaked information was not obtained unlawfully.

Instead, the material was leaked via a clone of the Treasury's public website.

The clone, or staging site, was not publicly accessible and contained the updated budget information. Treasury staff intended to swap the clone site with the public one on Budget Day May 30.

However, the clone site copied all the settings for the live site which meant the updated content that included the new, sensitive information not meant to become public until May 30 was indexed and partially accessible via a search function.

Specially crafted searches using phrases from last year's budget produced results that contained summaries of 2019/2020 Estimates documents. The entire documents were not revealed.

According to Treasury, around 2000 searches were made over 48 hours, from three internet protocol addresses. One of the IP addresses were assigned to the Parliamentary Services.

Makhlouf maintans that the searches amount to deliberate, exhaustive and sustained attempts at gaining unauthorised access to embargoed data.

The Treasury Secretary has asked the State Services Commissioner to conduct an inquiry that will produce recommendations to prevent future, similar data leaks.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
In Partnership With

Most Read Articles

Log In

Username / Email:
Password:
  |  Forgot your password?