The Governor of the Reserve Bank of New Zealand, Adrian Orr, says the recent malicious and illegal breach of a file sharing application used by the Bank is significant, and has our full attention.
Mr Orr says New Zealand’s financial system and institutions remain sound, and Te Pūtea Matua is open for business. The standalone File Transfer Application system that was breached has been secured and closed.
“We apologise unreservedly to all of those impacted by the breach. Personally, I own this issue and I am disappointed and sorry,” Mr Orr says.
“Our investigation makes it clear we are dealing with a significant data breach. While a malicious third party has committed the crime, and we believe service provisions have fallen short of our agreement, the Bank has also fallen short of the standards expected by our stakeholders.”
A detailed forensic cyber investigation is underway and RBNZ is working directly with affected stakeholders whose information may have been breached.
“We recognise the public interest in this incident and we acknowledge there are serious questions that need to be answered about how this incident occurred and how to strengthen our systems and processes,” says Mr Orr.
“In addition to the forensic cyber investigation currently underway, we have appointed an independent third party to undertake a comprehensive general review of this incident. We will be as transparent and clear as possible as this progresses, and will release the review’s terms of reference shortly.”
“Our immediate focus is on working directly with system users and those who may have had their information compromised. It is a complex process and accuracy and security are important. As our investigations progress, we are prioritising direct engagement with institutions and individuals affected. We thank stakeholders for their patience and understanding.
“Be assured, we are taking action. We are working closely with public authorities and utilising international experts as we respond. We are doing so in a whole of Government framework, utilising the National Security System.”
“We are not in a position to provide further details on the investigation at this time as it could adversely affect the investigation and the steps being taken to mitigate the breach,” says Mr Orr.
Ongoing updates on the investigation process will be provided via the Reserve Bank Data Breach Response page, and email service.
