WELLINGTON (Reuters) – The New Zealand Reserve Bank said Sunday it was responding urgently to a breach of one of its data systems.
A third-party file-sharing service used by the central bank to share and store sensitive information was illegally available, the bank said in a statement.
RBNZ manager Adrian Orr said the violation had been contained, but added that it would take time to understand the full consequences of the violation.
“The nature and scope of the information that was potentially available is still being determined, but may include some commercial and personal information,”
In August, a New Zealand stock exchange operator was hit by cyberattacks. InPhySec, an independent cybersecurity firm tasked with reviewing cyberattacks, said the scale, sophistication and duration of the attacks were unprecedented in New Zealand.
In a financial stability report from November 2019, RBNZ warns that the frequency and severity of cybersecurity incidents is increasing in New Zealand.
In February last year, the bank said in a report that the expected cost of cyber incidents for the banking and insurance industry was between NZD 80 million ($ 58 million) and NZD 140 million per year.
“More extreme events are unlikely, but still plausible,” the bank said in the report.
($ 1 = NZ $ 1.3808)
Report by Pravine Menon in Wellington and Lydia Kelly in Melbourne; Edited by William Mallard