New Zealand’s central bank governor has raised questions about the organization’s vulnerability following a cyber attack described as “significant”. Last week, the Reserve Bank of New Zealand (Te Pūtea Matua) was hit by a breach of a third-party file-sharing system used to share and store information.
Although the breach came via a technology supplier’s software – Accellion’s File Transfer Application – the central bank’s governor, Adrian Orr, said the bank had fallen short in protecting stakeholders. “There are serious questions that need to be answered about how this incident occurred and how to strengthen our systems and processes,” he said. The central bank has appointed an independent company to undertake a comprehensive review of how it happened. “We will be as transparent and clear as possible as this progresses and will release the review’s terms of reference shortly,” said Orr.
The bank said it was working with organizations that might have experienced data breaches due to the attack. “As our investigations progress, we are prioritizing direct engagement with institutions and individuals affected,” added Orr.
In its latest update, the bank said: “We are working closely with international and domestic cyber security experts and other relevant authorities as part of our investigation and response. The nature and extent of information that has been illegally downloaded are still being determined, but it may include some commercially and personally sensitive information.”