The Reserve Bank of New Zealand says it is “responding with urgency” to a breach of its data systems, where an unidentified hacker accessed a file sharing service which shared information with external stakeholders.
Reserve Bank Governor Adrian Orr assured the public that the breach has been contained and that the bank’s core functions have remained operational, however he says it will “take time to determine the impact” of the malicious attack.
“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation,” Orr commented.
“This includes the GCSB’s National Cyber Security Centre, which has been notified and is providing guidance and advice.”
“Our core functions and New Zealand’s financial system remain sound, and Te Pūtea Matua is open for business,” he added. “This includes our markets operations and management of the cash and payments systems.”
Orr says the third-party provider that was targeted - Accellion - was not specific to the Reserve Bank, and that other users of the platform have also been affected. He says that offering up more detail could negatively impact the ongoing investigation, but that the Reserve Bank will continue to work directly with affected shareholders.
Commenting on high-profile data breaches, Delta Insurance managing director Ian Pollard said that he has seen a marked increase in cyber insurance claims from commercial clients since the start of the COVID-19 crisis, but that the underlying risk exposure has always been present.
“Increased cyber exposures both in the workplace and on the home front have certainly accentuated risk exposure,” Pollard said.
“We’re expecting to see more cyber claims start emerging over the coming year, and we’ve already seen several cyberattacks on ‘prestigious’ institutions such as the NZX here in New Zealand.”
“But while the COVID-19 crisis is accentuating that, the underlying high levels of risk exposure have been there for quite a long time,” he explained.
“We’re seeing these kinds of attacks almost on a weekly basis, it’s nothing new - this is an issue which has been going on for a while.”
The Reserve Bank is currently looking at “alternative ways to securely share data,” and has taken its systems offline while investigations continue.