Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Reserve Bank statistics go dark for a few weeks due to hack

Friday, 22 January 2021

Reserve Bank governor Adrian Orr apologised for the 'Accellion hack' in 2021 but is still fighting to avoid saying whether it paid a ransom (video first published August 2021).

The Reserve Bank won’t be publishing most of the statistics it usually provides on the banking sector for a few weeks because of a hack it discovered last week.

The bank said it expected to postpone the publication of most of its statistical releases for “three to four weeks” because of the hack.

A file-sharing system supplied by Californian company Accellion that banks used to submit confidential data to the Reserve Bank was illegally accessed.

The hack is believed to have occurred after the bank was slow to patch a serious vulnerability that Accellion identified in the software in December.

**READ MORE:

* Reserve Bank hack: Adrian Orr admits bank 'fell short'

* Reserve Bank hack has brought its capabilities into question

Reserve Bank says it now knows what files the hackers managed to illegally download.
Reserve Bank says it now knows what files the hackers managed to illegally download.

* Reserve Bank hack: bank may not have applied patch in time

**

A spokesman for the Office of the Privacy Commissioner said on Thursday that no other New Zealand users of the software system, Accellion FTA, had reported a data breach, as might be required under new privacy rules if there were other victims.

The Reserve Bank has turned off the file-sharing system while it deals with the breach, and that is impacting its ability to produce its usual reports on the economy.

The bank said the publications that would be affected included those reporting on bank lending, credit card balances, new mortgage data, banks’ balance sheets and retail interest rates.

The hack could also interfere with the publication of its December-quarter Bank Financial Strength Dashboard which was scheduled for release on March 3.

The Reserve Bank would not be collecting data from banks for statistical purposes until a new secure file transfer system was implemented next month, it indicated.

Governor Adrian Orr apologised for the breach last Friday, saying it had “fallen short” and that he took personal responsibility for that.

The bank said it now had a good understanding of the extent of the breach and had been able to tell stakeholders which of their files were “downloaded illegally”.

The bank has not so far disclosed what that data is, whether it received any ransom demand or whether it has any information on who might be behind the hack.