Cyber incident at the NZ Central Bank
The New Zealand Reserve Bank has confirmed a cyber security incident involving its third party file sharing service provider, Accellion, through which confidential data was shared and stored.
The cybersecurity incident was due to illegitimate access to the file transfer service called FTA (File Transfer Application), whereby sensitive business and personal information could be compromised.
The scope and nature of the incident is currently unknown. The Bank has launched an investigation and is informing its customers through alternative secure channels. Accellion also confirmed that what happened was not an attack on the Bank, but affected other customers in the same way and that the vulnerability of the FTA service has been patched.
[Update 22/02/2021] After completing the investigation of the files which were downloaded illegally during the cyberattack, it has been confirmed that some of them contained personal information relating to email addresses, dates of birth and financial data. Core services of the bank remain intact and operational.
References:
- 10/01/2021 rbnz.govt.nz Reserve Bank responding to illegal breach of data system
- 11/01/2021 rbnz.govt.nz Reserve Bank response to illegal breach of data system
- 10/01/2021 bleepingcomputer.com New Zealand Reserve Bank suffers data breach via hacked storage partner
- 10/01/2021 nbcnews.com New Zealand central bank says data system hacked, sensitive information potentially accessed
- 15/01/2021 reuters.com New Zealand central bank governor apologises after cyberattack resulted in serious data breach
- 15/02/2021 rbnz.govt.nz Our response to Data Breach