Reserve Bank data breach: Sensitive information illegally accessed

Author
NZ Herald,
Publish Date
Sun, 10 Jan 2021, 3:12PM
RBNZ also plans controls to require larger deposits from March 2021. Photo / file

The Reserve Bank of New Zealand is responding "with urgency" to a breach of one of its data systems.

A third-party file sharing service used by the Bank to share and store some sensitive information has been illegally accessed.

Governor Adrian Orr says the breach has been contained, and the Bank is treating the matter with the highest priority, and acting with urgency.

"We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information."

"The system has been secured and taken offline until we have completed our initial investigations. It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational."

A spokesman for the RBNZ refused to immediately name the third-party provider, or to say whether the GCSB or any other government security agency had been roped in to assist.

The past 12 months have seen an escalation in cyberattacks, according to Crown agency Cert (Computer Emergency Response Team) NZ, with attacks increasing by 33 per cent year-on-year.

August and September saw the GCSB come to NZX's aid as the local stock exchange struggled to repel a series of DDoS (distributed denial of service) attacks that overwhelmed its website.

Earlier in 2020, there were cyberattacks on multiple corporate targets including Fisher & Paykel Appliances, Toll Group and Lion.

In F&P Appliances' case, a "ransomware" gang leaked a number of its spreadsheet and planning files onto the internet, in a bid to pressure the company to pay for the return of its stolen files. F&P refused.

AUT computer science professor Dave Parry told the Herald that a Covid double-whammy had contributed to the dramatic rise in cyberattacks.

The pandemic has spurred a working-from-home boom, often involving much lower security, at the same time that lockdowns around the globe had reduced many of organised crime's usual "real-life" avenues - leading to a spike in cybercrime.

Businesses were being targeted to exploit the gaps in security that were opening up as staff shuffled files between work and home - and simply because commercial organisations are richer targets.