The Reserve Bank of New Zealand is scrambling to uncover the extent of a breach into a data system service used to share information with external stakeholders.
The breach stems from a service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information.
Governor Adrian Orr says the breach is contained, but it will take time to determine the impact.
"The compromised data may include some commercially and personally sensitive information," states the Bank.
Says Orr: “We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation. This includes the GCSB’s National Cyber Security Centre which has been notified and is providing guidance and advice.
“We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised.”
The system has been secured and taken offline while investigations are underway, he adds, and work is continuing to confirm the nature and extent of information that has been potentially accessed.
The Bank is communicating with system users about alternative ways to securely share data.
“Our core functions and New Zealand’s financial system remain sound, and Te Pūtea Matua (the central bank) is open for business," states Orr. "This includes our markets operations and management of the cash and payments systems.”
Last year the New Zealand Stock Exchange was the victim of a crippling cyber attack that knocked the main market offline for several days and led to the resignation of chief technology officer David Godfrey