Cyber incident at the NZ Central Bank

The New Zealand Reserve Bank has confirmed a cyber security incident involving its third party file sharing service provider, Accellion, through which confidential data was shared and stored.

The cybersecurity incident was due to illegitimate access to the file transfer service called FTA (File Transfer Application), whereby sensitive business and personal information could be compromised.

The scope and nature of the incident is currently unknown. The Bank has launched an investigation and is informing its customers through alternative secure channels. Accellion also confirmed that what happened was not an attack on the Bank, but affected other customers in the same way and that the vulnerability of the FTA service has been patched.

[Update 22/02/2021] After completing the investigation of the files which were downloaded illegally during the cyberattack, it has been confirmed that some of them contained personal information relating to email addresses, dates of birth and financial data. Core services of the bank remain intact and operational.