WELLINGTON – New Zealand’s central bank chief today apologised for failings that allowed a “significant” and “malicious” cyberattack to occur, and ordered an independent investigation.
The Reserve Bank of New Zealand revealed the breach on Sunday, saying a third-party file-sharing service that stored sensitive information was illegally accessed.
Few details have been released since, aside from the bank saying the application at the centre of the breach was provided by US-based firm Accellion.
Governor Adrian Orr, in a statement today, confirmed that the data breach was significant, but has since been contained and the bank is operating normally, as are New Zealand’s financial institutions.
“We apologise unreservedly to all of those impacted by the breach. Personally, I own this issue, and I am disappointed and sorry.
“While a malicious third party has committed the crime, and we believe service provisions have fallen short of our agreement, the bank has also fallen short of the standards expected by our stakeholders.”
He acknowledged that “there are serious questions that need to be answered about how this incident occurred”.
“In addition to the forensic cyber investigation currently under way, we have appointed an independent third party to undertake a comprehensive general review of this incident.”
He pledged to be as transparent as possible, but said providing further details at the moment could adversely affect the probe.
In its latest report, the Computer Emergency Response Team, a government agency, said cyberattacks have increased 33% on-year in New Zealand.
The country’s stock exchange was targeted by sustained DDoS, or distributed denial of service, attacks last August, forcing trading to be halted for four consecutive days. – AFP, January 15, 2021
.jpg)
