The Governor of the Reserve Bank of New Zealand, Adrian Orr, says the recent malicious and illegal breach of a file sharing application used by the Bank is "significant".
The breach stems from a service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information.
The Bank has been working overtime to understand the extent of the hack after previously warning that the compromised data may include some commercially and personally sensitive information
“Our investigation makes it clear we are dealing with a significant data breach," says Orr. "While a malicious third party has committed the crime, and we believe service provisions have fallen short of our agreement, the Bank has also fallen short of the standards expected by our stakeholders.”
A detailed forensic cyber investigation is underway and the Bank is working directly with affected stakeholders whose information may have been breached.
“There are serious questions that need to be answered about how this incident occurred and how to strengthen our systems and processes,” says Orr. “We have appointed an independent third party to undertake a comprehensive general review of this incident. We will be as transparent and clear as possible as this progresses, and will release the review’s terms of reference shortly.”
He says the Bank's immediate focus is on working directly with system users and those who may have had their information compromised.
"As our investigations progress, we are prioritising direct engagement with institutions and individuals affected," he adds. “We are not in a position to provide further details on the investigation at this time as it could adversely affect the investigation and the steps being taken to mitigate the breach."