Wellington Scoop
Network

Reserve Bank investigating illegal breach of file-sharing data system

Reserve Bank on the Terrace

News from Reserve Bank
The Reserve Bank of New Zealand – Te Pūtea Matua – continues to respond with urgency to a breach of a third-party file-sharing service used to share information with external stakeholders. Governor Adrian Orr says the breach is contained, but it will take time to determine the impact. The analysis of the potentially affected information is being done with pace and care.

“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation. This includes the GCSB’s National Cyber Security Centre which has been notified and is providing guidance and advice.”

“We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised.”

“We recognise the public interest in this incident however we are not in a position to provide further details at this time.”

Providing any further details at this early stage could adversely affect the investigation and the steps being taken to mitigate the breach. The Reserve Bank will continue to work with affected stakeholders directly.

“Our core functions and New Zealand’s financial system remain sound, and Te Pūtea Matua is open for business. This includes our markets operations and management of the cash and payments systems. We will provide further facts when it is appropriate to do so.”

Key details of incident to date:

A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed.
The system has been secured and taken offline while investigations are underway.
The Bank is communicating with system users about alternative ways to securely share data.
Work is continuing to confirm the nature and extent of information that has been potentially accessed. The compromised data may include some commercially and personally sensitive information.

News from Reserve Bank – January 10
The Reserve Bank of New Zealand – Te Pūtea Matua is responding with urgency to a breach of one of its data systems. A third party file sharing service used by the Bank to share and store some sensitive information, has been illegally accessed.

Governor Adrian Orr says the breach has been contained, and the Bank is treating the matter with the highest priority, and acting with urgency.

“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.”

“The system has been secured and taken offline until we have completed our initial investigations. It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational.”

Report from RNZ
Professor of Computer Science at Auckland University, Dave Parry, said the attack was significant. It was likely to be another government trying to attack the Reserve Bank, he said.

“Because ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government to government level.”

Parry said cyber attacks were very common now and it was likely there will be more like this.

No comments yet.

Write a comment: