NZ Reserve Bank warns of data breach

By Dylan Bushell-Embling
Wednesday, 13 January, 2021

The Reserve Bank of New Zealand has warned it is investigating a data breach on one of its data systems that may have exposed sensitive personal information.

A third-party file sharing service used to store some sensitive information has been illegally accessed, the Bank warned.

Reserve Bank of New Zealand Governor Adrian Orr said while the security breach has been contained, the extent of the damage is yet to be determined.

“We are working closely with domestic and international cybersecurity experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” he said.

The Bank has taken the system offline until initial investigations are concluded, and is working with system users whose information may have been accessed, Orr added. But he insisted that the Bank’s core functions remain “sound and operational”.

The Bank has subsequently disclosed that the third-party provider was enterprise data protection company Accellion and the file sharing service was the company’s File Transfer Application (FTA) product.

Accellion has advised that the attack wasn’t a specific attack on the Reserve Bank, and that other users of FTA were also compromised.

Orr said the Bank is now actively working with domestic and international cybersecurity experts and other relevant authorities as part of its investigation into the breach, including the Government Cyber Security Bureau’s National Cyber Security Centre.

Image credit: ©stock.adobe.com/au/Alexey Novikov