On November 26, 2025, what should have been a routine Budget day in the United Kingdom was unexpectedly overshadowed by a significant blunder at the heart of the government’s fiscal watchdog. The Office for Budget Responsibility (OBR), the independent body tasked with providing economic forecasts and scrutinizing the government’s fiscal plans, found itself at the center of a storm after its highly sensitive Economic and Fiscal Outlook (EFO) document was made available online nearly an hour before the Chancellor delivered her Budget speech. The fallout was swift and severe, culminating in the resignation of the OBR’s chair, Richard Hughes, and a flurry of apologies, recriminations, and calls for reform.
According to the official report published on December 1, 2025, the early release of the EFO was not just a technical mishap—it was described as the “worst failure in the 15-year history of the OBR.” The probe, which included expert input from Professor Ciaran Martin, former head of the National Cyber Security Centre, found that the incident was the result of two key errors related to the OBR’s use of the WordPress publishing platform. Specifically, the watchdog had assumed that the protections offered by WordPress would prevent premature access to embargoed documents. However, the use of a download monitor plug-in, which bypassed authentication requirements, left the EFO vulnerable to anyone with the know-how to guess the file’s web address.
This vulnerability was not merely theoretical. The logs showed that the first IP address to successfully access the EFO on November 26 had made 32 attempts, beginning at around 5 a.m. that day. Treasury minister James Murray highlighted the seriousness of this, stating, “That market-sensitive information could have been prematurely accessible to a small group of market participants is extremely concerning. That it might have been the case on more than one occasion is even more severe.” He went on to note, “This unfortunately leads us to consider whether the reason they tried so persistently to access the EFO is because they have been successful at a previous fiscal event.”
Indeed, the investigation uncovered that this was not an isolated incident. The report admitted that a similar breach had occurred during the Chancellor’s spring statement in March 2025, when the forecasts were accessed five minutes after the Chancellor began her speech—nearly half an hour before the official publication time. While the logs suggested that no action was taken as a result of that premature access, the mere possibility that sensitive economic data could have been used by market participants before it was meant to be public sent shockwaves through Westminster and the City alike.
Faced with the scale of the failure, Richard Hughes, who had served as chair of the OBR since 2020 and had been reappointed for a second five-year term as recently as July, tendered his resignation on December 1. In a letter addressed to the Chancellor and the chair of the Commons Treasury committee, Hughes wrote, “I take full responsibility for the shortcomings identified in the report.” He added, “By implementing the recommendations in this report, I am certain the OBR can quickly regain and restore the confidence and esteem that it has earned through 15 years of rigorous, independent economic analysis.”
The report did not spare the OBR’s leadership, stating unequivocally that “ultimate responsibility for the circumstances in which this vulnerability occurred and was then exposed rests, over the years, with the leadership of the OBR.” Non-executive members Sarah Hogg and Dame Susan Rice were blunt in their assessment: “It is the worst failure in the 15-year history of the OBR. It was seriously disruptive to the chancellor, who had every right to expect that the EFO would not be publicly available until she sat down at the end of her Budget speech.”
However, the finger of blame did not point solely at the OBR. The report also criticized the Treasury and the Cabinet Office for failing to provide adequate resources to the watchdog, noting that the twice-yearly task of publishing large, sensitive documents like the EFO was “out of scale with virtually all of the rest of its publication activities.” Professor Martin’s analysis found that the OBR’s protocols for releasing the EFO “reveal a well-planned but significantly underpowered operation ... more akin to that used by a small or medium-sized business (which of course in size the OBR resembles).”
The political fallout was immediate. Chancellor Rachel Reeves thanked Hughes for his “many years of public service” and reaffirmed the government’s commitment to “protecting the independence of the OBR and the integrity of our fiscal framework and institutions.” But not everyone was satisfied. Conservative leader Kemi Badenoch accused the Chancellor of using Hughes as a “human shield” and called for Reeves herself to resign, alleging she had misled the public over the state of the public finances in the run-up to the Budget. Meanwhile, the Prime Minister’s official spokesperson described the conclusions of the report as “incredibly serious,” promising a full consideration of the implications.
On December 2, senior members of the OBR appeared before Parliament to offer a formal apology for the early release, echoing the statements made in the investigation report. The OBR acknowledged the gravity of the incident, which had not only undermined confidence in the institution but also risked distorting market behavior and disrupting the government’s fiscal policy process.
The recommendations in the investigation report are clear: the OBR must overhaul its procedures for publishing sensitive documents, and the government must ensure that the watchdog is properly resourced to carry out its vital role. Whether these steps will be enough to restore trust in the OBR remains to be seen, but for now, the episode stands as a cautionary tale about the perils of underestimating digital vulnerabilities and the importance of rigorous oversight in the management of market-sensitive information.
As the dust settles, Westminster is left to reckon with the implications of the OBR’s “worst failure,” and the urgent need to safeguard the integrity of the UK’s fiscal institutions in an era where a single technical slip can have far-reaching consequences.
