Conspiracy or cock-up? Strong evidence Treasury published Budget accidentally - rather than a hack

Was the premature disclosure of the Government's Budget 2019 data a hack as the Treasury has claimed?

Hacking implies that someone tried to access the Budget data without authorisation, but so far no information has been forthcoming to support that claim.

Read more:
• Treasury hack 'not likely at all' - security expert

Instead, screenshots of the results from a Google search for "estimates of appropriation 2019/2020" are circulating on Twitter suggest that the data was published accidentally.

While clicking on the direct link to the Treasury website revealed no information, Google had fetched and cached copies of the Budget data, with a publication date of May 30.

The link to the 2019/2020 appropriations data and the cached copies are no longer available on Google, testing by the Herald showed.

Google last fetched data from the Treasury's Budget 2019 web pages on May 26 this year, a cached copy of the site showed.

The Treasury has admitted that staff uploaded some documents to the department's website for publication on May 30, but said the material was in a directory that was not accessible to the public.

Screen grabs of Budget links from Google. Image/supplied

Secretary of the Treasury Gabriel Makhlouf maintains that the budget material was accessed deliberately without authorisation.

He compared the Treasury website to a secure, padlocked room.

Makhlouf claimed that someone had attempted to prise open the bolt to the door 2000 times until the it weakened and the unknown actors got access to the documents, but provided no technical detail as to how the attack happened, or when.

Earlier this month, the Australian Competition and Commerce Commission was forced to apologise for the accidental publication of the regulator's decision to reject the billion dollar merger between telcos Vodafone and TPG.

Budget information displayed. Image/supplied.

The premature publication took place before a trading halt had been placed on TPG and Vodafone shares, which plunged when investors discovered the merger had been rejected.

ACCC blamed the accidental publication on a glitch in its website content management system, but provided no further technical detail on the flaw.

Treasury has referred the issue to the police, after seeking advice from the National Cyber Security Centre, and said it had found evidence that the information on the site was "deliberately and systematically hacked".

Want to see more from Juha Saarinen? Sign up here for the Business News newsletter to get the best premium stories sent to your inbox daily.