Welcome to our new website.
Please note our navigation has changed, so any bookmarks that you have to pages on our site will need to be updated. Subscribers won’t be affected. If you have any queries or issues please contact [email protected]
The Reserve Bank of New Zealand – Te Pūtea Matua continues to respond with urgency to a breach of a third party file sharing service used to share information with external stakeholders.
Governor Adrian Orr says the breach is contained, but it will take time to determine the impact. The analysis of the potentially affected information is being done with pace and care.
“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation. This includes the GCSB’s National Cyber Security Centre which has been notified and is providing guidance and advice.”
“We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised.”
“We recognise the public interest in this incident however we are not in a position to provide further details at this time.”
Providing any further details at this early stage could adversely affect the investigation and the steps being taken to mitigate the breach. The Reserve Bank will continue to work with affected stakeholders directly.
“Our core functions and New Zealand’s financial system remain sound, and Te Pūtea Matua is open for business. This includes our markets operations and management of the cash and payments systems.”
We will provide further facts when it is appropriate to do so.
Key details of incident to date:
- A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed.
- The system has been secured and taken offline while investigations are underway.
- The Bank is communicating with system users about alternative ways to securely share data.
- Work is continuing to confirm the nature and extent of information that has been potentially accessed. The compromised data may include some commercially and personally sensitive information.