The OBR brought in Ciaran Martin, the former chief executive of the National Cyber Security Centre, to lead the investigation into how the forecasts were accessed early.
However, the OBR concluded there was no reason to suspect the involvement of foreign actors or cyber-criminals, or of “connivance by anyone working for the OBR”.
Prof Martin’s technical account was that the OBR analysis was available at a hidden URL for 38 minutes between 11:30 and 12:08 on the morning of the Budget.
An attempt was made to access the URL as early as 05:16. The review did not seek to trace who accessed or attempted to access the document.
Prof Martin concluded this was a pre-existing weakness in the OBR publication system, citing the premature access to March’s forecasts. Prof Martin said that breach, half an hour before the forecasts should have been published, could have been accidental, but it led him to conclude the issue was not new.
On the reason for the early publication, Prof Martin said it was related to the software the OBR chose to publish to its website, which was more suitable for a small or medium company than a major publication of critical market-sensitive data.
While OBR staff thought they had applied safeguards to prevent early publication, there were two errors in the way in which they were set up on the publishing platform WordPress that effectively bypassed these controls.
WordPress is a content management system, and is said to be the most popular tool of its kind for creating and designing web pages.
One error was to do with a plug-in (an optional extra) the OBR had installed in WordPress, which had the unintended effect of bypassing the need to log in to access documents intended for future publication.
The second was that the directory in which the file was put ahead of publication allowed anyone to download a file directly.
The OBR got an exemption in 2013 from using a more secure government publishing platform for independent authorities in order to help with its autonomy. In other IT security areas, such as secure email, the OBR had adopted the secure Treasury systems.
