On November 27, 2025, the United Kingdom’s fiscal transparency took an unexpected turn when the Office for Budget Responsibility (OBR) accidentally published its highly anticipated Autumn budget forecast online—well before Chancellor Rachel Reeves could announce it to Parliament. The premature release, occurring about 40 minutes ahead of schedule, sent shockwaves through Westminster, financial markets, and the wider public, raising urgent questions about information security and government accountability.
At the heart of the incident was a seemingly innocuous technical oversight. The OBR’s economic forecast, which contained sensitive policy details—such as a new pay-per-mile charge on electric vehicles, a three-year freeze on tax thresholds, and the decision to lift the two-child cap on benefits—was uploaded to a web address that followed the same predictable pattern as previous reports. Journalists, preparing for the day’s events, simply swapped the word ‘March’ for ‘November’ in the URL of a past document. That simple guesswork unlocked the entire report before it was meant to see the light of day.
Reuters, the news agency that first broke the embargo by publishing excerpts, described the process plainly: “The document, which is usually published after the finance minister’s speech has ended, was uploaded to the OBR website and available to download on an unprotected link. The link was not advertised on the website but the OBR has used the same web address, or URL, for previous budget documents, changing only the date.”
The fallout was immediate and severe. As soon as the leak became apparent—just before midday—notes were rushed to Chancellor Reeves in the House of Commons, and MPs scrambled to determine what information had become public. The OBR’s chair, Richard Hughes, was quick to respond. Speaking on BBC Radio 4’s Today programme, Hughes didn’t mince words about the gravity of the situation. “I felt personally mortified by what happened. The OBR prides itself on our professionalism. We let people down yesterday and we’ll make sure it doesn’t happen again,” he said. Hughes confirmed he had written to both Chancellor Reeves and Meg Hillier, chair of the Treasury Select Committee, to formally apologize for the disruption.
Market reaction was swift, if brief. The early release of market-sensitive details caused volatility in the UK bond and currency markets, as investors digested news of tax freezes and revised growth forecasts. The political response was equally intense. Shadow Chancellor Mel Stride called the incident “utterly outrageous” and demanded an inquiry, even suggesting that the leak “may constitute a criminal act.” Meanwhile, Liam Byrne, chair of the business and trade select committee, declared in the Commons, “I seriously think that Mr Hughes needs to consider his position. The fact that we had a leak of the OBR forecast before this House got to debate the budget is appalling, and this uncertainty has bedevilled us.”
In an effort to restore confidence and uncover the root cause, the OBR launched a comprehensive investigation into the leak. The inquiry is being overseen by the independent members of the OBR’s oversight board, Sarah Hogg and Dame Susan Rice, with expert input from Professor Ciaran Martin, former head of the National Cyber Security Centre (NCSC) and current Oxford University professor. Martin’s appointment signaled the possibility of “external interference,” though all initial evidence pointed to an internal technical error compounded by predictable URL structures.
Hughes elaborated on the scope of the investigation: “We’ve initiated an investigation into what happened. It will be overseen by the chair of our oversight board with expert input from Professor Ciaran Martin, former head of the NCSC. It will report to the Treasury and the Treasury committee of parliament and identify the actions we take to ensure that it doesn’t happen again.” The OBR published the terms of reference for the inquiry, stating its starting point would be that “the OBR inadvertently made it possible to access the November 2025 economic and fiscal outlook (EFO) too early on budget day.” The investigation’s report was expected to be published no later than December 1, 2025.
While the OBR maintained that the episode was a “technical error,” the appointment of a cybersecurity expert like Martin opened the door to speculation about foul play. Hughes told the BBC, “It appears there was a link that someone was able to access—an external person. We need to get to the bottom of exactly what happened. We are going to do a full investigation and a full report to parliament. We are going to do that work quickly so that assurance in our systems is restored.”
Chancellor Reeves, for her part, expressed disappointment but stopped short of calling for Hughes’ resignation. Speaking to Sky News, she said, “Richard Hughes wrote to me yesterday evening, apologising for their error. It was a serious error, a serious breach. They have announced an investigation which will report to me very quickly. But I do have confidence in Richard and the OBR. They do important work. But what happened yesterday, it did let me down, and it shouldn’t have happened, and it must never happen again.” Reeves only learned of the leak as she was preparing to deliver her budget in the Commons—a moment that underscored the chaos caused by the breach.
The wider context for this mishap is a UK government increasingly focused on cybersecurity. Just weeks before the leak, a new bill was introduced to strengthen protections for critical national infrastructure, including hospitals, water suppliers, and transport networks. The hope is that lessons from the OBR’s blunder will inform better digital safeguards across Whitehall and beyond.
The OBR, established in 2010 to provide independent analysis of the UK’s public finances, has faced scrutiny before, but not on this scale since the infamous 1996 leak to The Daily Mirror. Back then, the editor chose not to publish the full contents and returned most documents to the Treasury—a contrast to today’s digital slip, where information can travel at lightning speed.
As the dust settles, the OBR’s challenge is clear: restore public and parliamentary trust, shore up its digital defenses, and ensure that next time, the only surprises on budget day are the ones intended by the Chancellor herself.
