Commercially and personally sensitive information may have been accessed by malicious attackers who accessed a third-party file-sharing service used by the RBNZ.
The RBNZ (Reserve Bank of New Zealand) on Sunday (10 January) disclosed that a third-party file-sharing service it uses to share and store sensitive information has been illegally accessed by unauthorised external parties.
The third party service, called FTA (File Transfer Application), is provided by Accellion. Other users were also affected, indicating that the attack was not a specific attack on the RBNZ.
Nevertheless, the RBNZ says it is to the breach “with urgency” and that the system in question has been secured and taken offline until it has completed initial investigations.
“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack,” RBNZ governor Adrian Orr said.
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.”
Orr said it will take time to understand the full implications of the breach.
“We are working with system users whose information may have been accessed. Our core functions remain sound and operational,” he added.