A report into how sensitive documents were accessed by the National Party before last year's Budget has found Treasury governance, oversight and risk management processes fell short.
Former Treasury Secretary Gabriel Makhlouf characterised the data breach as a hack and referred the matter to the police.
However, it was revealed the documents were found just by a search of the Treasury website.
The report found consideration wasn't given to Budget Day when moving to a new website.
This led to a rushed decision to publish budget documents on a clone website, that had a shared index with the live website.
This meant snippets of data from the clone site came up in the search function.
The report found this design flaw also existed in the 2018 Budget.