Summary
- RBNZ disclosed that the bank’s file sharing system had been hacked.
- Governor Adrian Orr stated that the third-party provider Accellion had advised the bank that it was not a specific attack on the bank and that the cyber security of other users was also compromised.
- Accellion had found out about a vulnerability in its FTA software in mid-December 2020, and RBNZ was informed of it.
RBNZ revealed on January 10 that the bank’s file sharing system had been compromised after Accellion, a third-party service provider it uses to share and store sensitive data, was illegally accessed.
Accellion, a California-based company, provides cloud solutions that prevent data and compliance violations from third-party cyber risk.
On January 11, Governor Adrian Orr provided a further update that the breach of RBNZ’s data system had been contained, but that it would take time to ascertain the impact of the damage.
RBNZ has been advised by Accellion that it was not a specific attack on the bank and that other users of the file sharing application, called FTA, have also faced a breach in their respective cyber security programmes. The file sharing software was used to share data with external stakeholders, and RBNZ is responding with urgency to determine the causes of the breach.
FTA helps enterprises to transfer large and sensitive files securely by making use of a 100% private cloud.
Orr stated that the bank was working closely with domestic and foreign cyber security experts, and other related agencies, as part of the investigation process. This also involves the National Cyber Security Center of the GCSB, which has been alerted and is providing advice and recommendations.
The bank declined to reveal more details, as doing so could adversely impact the investigation and the steps to mitigate the breach. It is collaborating with system users on alternative methods to securely share data.
RBNZ was alerted before the breach
The Reserve Bank was cautioned in mid-December 2020 about a vulnerability found in the FTA software that it uses from Accellion. Accellion issued a patch to fix the problem within 3 days after the problem was found.
Rob Dougherty, an Accellion spokesperson, stated that the company had informed customers about the P0 vulnerability in its FTA software. P0 is a technical term used by tech firms to designate the most critical issues.
He called FTA a legacy product that was about 20 years old and encouraged its customers to get access to Accellion’s flagship enterprise content firewall program, kiteworks.