Navigation for News Categories
The Reserve Bank building in Wellington.
On Sunday, the RBNZ revealed it was responding to a data breach of a third party file sharing system it used to share and store sensitive information.
In an update, RBNZ governor Adrian Orr said the breach was the result of the third party provider, Acellion, being hacked.
Acellion is a Californian based software firm which provides secure file sharing services.
“We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised,” Orr said.
The compromised data may include some commercially and personally sensitive information but it would take time before RBNZ could be certain.
The new development came after a cyber security expert suggested the RBNZ was likely hacked by another government.
“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation,” Orr said.
“This includes the GCSB’s National Cyber Security Centre which has been notified and is providing guidance and advice.”
RNZ has learned that minister of finance Grant Robertson had been informed about the attack and was keeping a close eye on the situation.
Photo: RNZ / Dom Thomas
Orr said he understood the high level of public interest in the data breach but was not in a position to release any further details.
“Providing any further details at this early stage could adversely affect the investigation and the steps being taken to mitigate the breach.”
The RBNZ is charged with overseeing the country’s monetary policy and supporting the financial system as a whole.
In October, the bank announced it was taking steps to ensure retail banks and other regulated financial services improved their cyber security.
It released a draft guidance, which would apply to the financial entities it regulated, and draws heavily from international cyber security standards.
Last May, RBNZ said in a discussion document its cyber security systems were not up to scratch and there was a “high operational risk due technical obsolescence and an underinvestment in security across many of the core technology platforms”.
It said it wanted to lower operational risk by a “phased migration to resilient platforms underpinning our business”.
Get the RNZ app
for ad-free news and current affairs
Send your news and stories to us email@example.com or firstname.lastname@example.org and WhatsApp: +447747873668.
Before you go...
Democratic norms are being stress-tested all over the world, and the past few years have thrown up all kinds of questions we didn't know needed clarifying – how long is too long for a parliamentary prorogation? How far should politicians be allowed to intervene in court cases? To monitor these issues as closely as we have in the past we need your support, so please consider donating to The Climax News Room.