New Zealand Data Breach, January 10 2021

New Zealand Reserve Bank urgently responding to ‘illegal data breach’

The bank issued a statement shortly after 2pm (New Zealand time) on Sunday saying a “third party file sharing service” used by the bank to share and store some sensitive information, had been illegally accessed.

Company Statement: Reserve Bank response to illegal breach of data system
Source: New Zealand Reserve Bank urgently responding to ‘illegal data breach’ | SMH
More reports from: SMH – The Sydney Morning Herald.

Key details of incident to date:

  • A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed.
  • The system has been secured and taken offline while investigations are underway.
  • The Bank is communicating with system users about alternative ways to securely share data.
  • Work is continuing to confirm the nature and extent of information that has been potentially accessed. The compromised data may include some commercially and personally sensitive information.

Governor Adrian Orr said the breach had been contained, but the bank was treating the matter with “the highest priority, and acting with urgency”.

“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack,” Orr said in a statement.

The bank holds large amounts of confidential information on the banks and other businesses it regulates, and manages huge programmes to manage the money supply, such as its $NZ100 billion ($93 billion) quantitative easing programme and $NZ28 billion Funding for Lending scheme.

Ironically, one of the Reserve Bank’s responsibilities is to provide guidance to banks and other businesses in its regulatory sphere on mitigating the risks posed by cyber attacks.