Stakeholders told which of their files on the File Transfer Application were downloaded illegally during the breach.
The Reserve Bank of New Zealand – Te Pūtea Matua investigation into the malicious illegal breach of a third-party file sharing application has significantly progressed.
Governor Adrian Orr said the investigation remains the Bank’s highest priority, including supporting stakeholders to help them manage risks and take appropriate action.
“With the assistance of New Zealand and international police, and forensic security specialists, the cause of the breach is now understood and resolved. The system is closed,” he said. “Significantly, we have a good understanding of the scope of the breach. Based on the results of our investigation and analysis to date we have been able to tell stakeholders which of their files on the File Transfer Application were downloaded illegally during the breach.”
Governor Orr noted, this prioritised analysis is continuing, and the Reserve Bank is supporting stakeholders to manage risks and respond appropriately.
“We are also keeping the Office of the Privacy Commissioner regularly informed and we’re taking its guidance,” he said. “The Bank’s core functions are unaffected, sound and operational. I’m thankful for the support of our public and private sector partners, but I am disappointed and sorry this data theft has occurred.”
Governor said there were some serious questions that have been answered by the team at the Bank and there are more for the supplier of the system that was breached.
“That is the subject of an independent review by KPMG that is now underway,” he said.
Early in January the Reserve Bank of New Zealand – Te Pūtea Matua responded to a breach of a third party file sharing service used to share information with external stakeholders.
Governor Adrian Orr says the breach is contained, but it will take time to determine the impact. The analysis of the potentially affected information is being done with pace and care.
“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation,” stated the Governor at the time. T’his includes the GCSB’s National Cyber Security Centre which has been notified and is providing guidance and advice.”