'Human error' that led to Treasury Budget information access well-known - source

The AM Show 30/05/2019

A senior Treasury source told Newshub Budget information obtained by the National Party was the result of a "human error" at Treasury when high-level documents were published to a test website that was not supposed to be publicly available.

According to the source, the fact it was a human error is well-known within Treasury to middle management level.

The source raised concerns about "the lies coming out of Treasury in the last 24 hours" and called Treasury Secretary Gabriel Makhlouf's decision to call in the Police over hacking allegations "absurd". They said staff within Treasury are feeling "embarrassed".

On Tuesday night, Makhlouf said Treasury had gathered enough evidence to indicate that its systems had been "deliberately and systematically hacked" and referred the matter to police on the advice of the National Cyber Security Centre.

Newshub has learnt that the usual process for loading Budget documents online is to use what's called a User Acceptance Testing (UAT) website, a test site that allows users to try out content online before it goes live to the public.

On Thursday, Treasury confirmed it had developed a clone of its website and Budget information was added to the cloned website "as and when each Budget document was finalised."

"On Budget Day, the Treasury intended to swap the clone website to the live website so that the Budget 2019 information was available online.

"As part of the search function on the website, content is indexed to make the search faster... the clone also copies all settings for the website including where the index resides.

This led to the index on the live site also containing entries for content that was published only on the clone site.

The clone website itself was not publicly accessible, the statement said, but a specifically-worded search on the live website would be able to surface "small amounts of content from the 2019/20 Estimates documents".

The details obtained and released by National were relatively old and do not completely represent the figures that will be revealed in today's Budget according to our source.

Newshub understands a data management team at Treasury was directly but not deliberately responsible for the botch-up.

Makhlouf told The AM Show on Wednesday that parts of the Budget information had been in the process of being uploaded, but that information wasn't publicly available.

"There is a lot of information that is uploaded and it takes time to upload. So there was a process, but it wasn't open to the public."