Reserve Bank of New Zealand making good progress on addressing data breach

Release date
22 January 2021

The Reserve Bank of New Zealand – Te PÅ«tea Matua investigation into the malicious illegal breach of a third-party file sharing application has significantly progressed.

Governor Adrian Orr says the investigation remains the Bank’s highest priority, including supporting stakeholders to help them manage risks and take appropriate action.

“With the assistance of New Zealand and international police, and forensic security specialists, the cause of the breach is now understood and resolved. The system is closed.

“Significantly, we have a good understanding of the scope of the breach.

“Based on the results of our investigation and analysis to date we have been able to tell stakeholders which of their files on the File Transfer Application (FTA) were downloaded illegally during the breach.

“This prioritised analysis is continuing and we are supporting stakeholders to manage risks and respond appropriately.

“We are also keeping the Office of the Privacy Commissioner regularly informed and we’re taking its guidance.

“The Bank’s core functions are unaffected, sound and operational.

“I’m pleased with the way the Bank has stepped up in responding to this breach, and I’m thankful for the support of our public and private sector partners, but I am disappointed and sorry this data theft has occurred.

“There are some serious questions that have been answered by the team at the Bank and there are more for the supplier of the system that was breached. That is the subject of an independent review by KPMG that is now underway.

“I will provide an update on the review process next week,” says Mr Orr.

Ongoing updates on the investigation process will be provided via the Reserve Bank Data Breach Response page, and email service.

Media Contact:
Oliver Bates
Manager, External Stakeholders
DDI: +64 4 474 8627
Email: [email protected]