A scathing report into how National got its hands on sensitive Budget information prematurely has placed the blame for the blunder on Treasury's top brass.
A State Services Commission (SSC) report in to the saga, released this morning, has concluded that "governance and oversight at the Treasury's executive-level fell short".
The risk-management process around last year's Budget was not good enough and concerns around security risks were not escalated, it says.
The commission's investigation has also revealed that the same security flaws that led to the blunder also existed in 2018.
"This should not have happened," State Services Commissioner Peter Hughes said.
"Somethings are so critical that they can never be allowed to fail. Security of the Budget is one of these."
Last year, just weeks before the 2019 Budget, National released information it said the party had obtained from the Budget ahead of its release.
At first, the Treasury claimed it had been "hacked" and referred the matter to the police to investigate.
But, as National later revealed, the information had been obtained through a simple search function on the Treasury's website.
The SSC launched an investigation, which had to be started again after one of the investigators failed to disclose a conflict of interest in November.
This morning, the commission concluded that Treasury's failure to keep Budget sensitive information secure was "not acceptable".
Although Hughes said Treasury had an excellent reputation when it came to fiscal and economic policy with good people doing their best, "sometimes doing your best is not enough".
"Some things you just need to get right. Each and every time. For these you need to check, check and check again."
That didn't happen with security around Budget 2019, he said and added that he was disappointed that Treasury's senior leadership was not "hands-on" enough with the task.
A "series of technical decisions" led to the flaw in Treasury's systems which allowed the information to be searchable ahead of time, the report said.
The Treasury Secretary at the time of the blunder, Gabriel Makhlouf, has since left the role and is now Ireland's Reserve Bank Governor.
Makhlouf was not mentioned by name in the report, but a separate investigation into Makhlouf's leadership in the saga midway through last year found his actions were not reasonable and he should have taken more personal responsibility.
Makhlouf has always maintained his innocence.
Hughes said that he is confident the new Treasury Secretary, Caralee McLiesh, has made the necessary changes to ensure the blunder never happens again.
This includes the appointment of an executive to personally overseas Budget security matters, as well as new security and testing policies.
McLiesh said the Treasury accepts all the report's findings.
"The Budget is a core priority of the Treasury and what happened should never happen again," she said.
