New Zealand’s central bank says one of its data systems was breached by an unidentified hacker who potentially gained access to sensitive business and personal information.
A third-party file-sharing service used by the Reserve Bank of New Zealand to share and store sensitive information has been illegally accessed, the Wellington-based bank said in a statement.
Governor Adrian Orr said the breach has been contained. The main functions of the bank “remain strong and operational,” he said.
“We are working closely with national and international cybersecurity experts and other relevant authorities as part of our investigation and response to this malicious attack,” Orr said.
“The nature and extent of potentially accessible information is still being determined, but it may include commercially and personally sensitive information,” Orr added.
The system had been secured and taken offline until the bank completed its initial investigations. “It will take time to understand the full implications of this flaw and we are working with users of the system whose information may have been accessed,” Orr said. The bank declined to answer questions emailed for further details.
It is not known when the breach took place or if there was any indication of who was responsible, and in which country the file sharing service was based.
Several large New Zealand organizations have been the target of cyber interference over the past year, including the New Zealand Stock Exchange, whose servers were shut out of public view for nearly a week in August. .
Dave Parry, professor of computer science at the University of Auckland, told Radio New Zealand that another government was likely behind the bank data breach.
“At the end of the day, if you were coming from some sort of criminal perspective, government agencies wouldn’t pay your ransom or whatever, so you’d probably be more interested in coming from a government-to-government level,” Parry said.