Data breach at New Zealand’s Reserve Bank after third-party service hack

New Zealand’s central bank has suffered a data breach after an unknown actor gained unauthorized access to a third-party file sharing service.

The Reserve Bank of New Zealand – Te Pūtea Matua – confirmed on Sunday (January 10) that sensitive personal and commercial information had potentially been accessed by the malicious hacker.

The breach has since been contained, the bank said. Its core business functions “remain sound and operational”.

Non-specific attack

Reserve Bank Governor Adrian Orr said that the attack against the Accellion FTA file-sharing software was not specific to the bank.

Orr said in a statement: “We have been advised by the third-party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised.”

The affected system has been taken offline, though no further details have been released about the incident by the bank, as it said that “providing any further details at this early stage could adversely affect the investigation and the steps being taken to mitigate the breach”.

It also isn’t clear how many customers have been potentially affected in the breach or whether financial information was taken. If banking information was accessed, this could lead to an increased risk of fraud for customers.The Daily Swig has reached out to the Reserve Bank for more details.

Source: https://portswigger.net/daily-swig/data-breach-at-new-zealands-reserve-bank-after-third-party-service-hack