ADVERTISEMENT

WordPress plugin blunder caused UK budget leak, OBR head resigns

A misconfigured WordPress extension led to the premature disclosure of last week’s UK autumn budget, a report has found, prompting OBR head Richard Hughes, who is responsible for overseeing government spending, to resign.

wordpress logo with hole

By Cybernews.

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Dec 2, 2025 Updated: 3 December 2025 4 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

What are the details of the OBR leak?

UK Chancellor Rachel Reeves
Misconfiguration of WordPress extension Download Monitor led to early, indiscriminate access of budget documents
“In short, the technical causes of the premature access were two mutually contributory configuration errors, one in the configuration and use of Download Monitor, a third-party WordPress plug-in, and one in the configuration of WordPress and the underlying server.”
OBR report
ADVERTISEMENT

Why did the OBR use WordPress?

“It seems to me like the decision to maintain an entirely separate web presence was a false choice. No one will particularly care about the exact domain address of the OBR’s website, and the consequences of that decision is that a body that was charged with secure publishing of major documents of national significance has the capabilities of a small to medium-sized business instead of the capabilities of a major government department.”
Ciaran Martin

Was budget doc access a well-known secret?

High Speed Computer Keyboard Typing by Professional Hacker
OBR's logging analysis shows that the people who accessed the docs early knew what they were looking for

OBR not alone in naming error blunder

Xbox-data-leak
Unreacted PDFs with Xbox roadmaps were the cause of a similar leakage two years ago

ADVERTISEMENT