Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Reserve Bank urgently responding to 'illegal breach of data system'

Sunday, 10 January 2021

The Reserve Bank has not said whether a breach it reported on Sunday was ransomware or some other form of compromise; governor Adrian Orr said it would take time to “understand the implications”.
The Reserve Bank has not said whether a breach it reported on Sunday was ransomware or some other form of compromise; governor Adrian Orr said it would take time to “understand the implications”.

The Reserve Bank says it is “responding with urgency” to a breach of a computer system.

A government spokesman said Prime Minister Jacinda Ardern, Finance Minister Grant Robertson and GCSB Minister Andrew Little had been notified of the breach, but said ministers were leaving comment to the Reserve Bank.

The bank issued a statement shortly after 2pm on Sunday saying a “third party file sharing service” used by the bank to share and store some sensitive information, had been illegally accessed.

Governor Adrian Orr said the breach had been contained, but the bank was treating the matter with “the highest priority, and acting with urgency”.

**READ MORE:

* The five hot topics for the Reserve Bank in 2021

Prime Minister Jacinda Ardern is among ministers who were advised of the data breach by the Reserve Bank.
Prime Minister Jacinda Ardern is among ministers who were advised of the data breach by the Reserve Bank.

* Now may be as good as it gets for the economy in 2021

**

“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack,” Orr said in a statement.

“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” he said.

Orr said the system had been “secured” and taken offline until the bank had completed its initial investigations.

“It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational,” he said.

A Reserve Bank spokesman said the central bank did not intend to make any further comment on Sunday, but indicated it would provide more information at some point.

The bank would not comment on whether there was any financial risk to the bank, what system had been compromised, or how and when the bank had become aware of the breach.

Nor would it say whether it believed it had been specifically targeted.

The nature of attack – for example whether it is a ransomware attack or some other compromise – also remains unclear.

The bank holds large amounts of confidential information on the banks and other businesses it regulates, and manages huge programmes to manage the money supply, such as its $100 billion quantitative easing programme and $28b Funding for Lending scheme.

Infometrics economist Brad Olsen said people would have “a lot of questions” but it seemed too soon to speculate on the significance of the incident.

“The mere fact they have come out on a Sunday to highlight this does indicate they are willing to be proactive,” he said.

But the Reserve Bank would want to have a clear understanding itself of what had happened before it disclosed more, he said.

“There will be quite a few people guessing but that is really all it is until we hear more from the bank.”

Ironically, one of the Reserve Bank’s responsibilities is to provide guidance to banks and other businesses in its regulatory sphere on mitigating the risks posed by cyber attacks.

Deputy governor Geoff Bascand signalled in 2019 that it would become more involved in that area and the bank is currently consulting on cyber security advice that would apply to all registered banks and insurers.