New Zealand Reserve Bank suffers data breach via hacked storage partner

silversurfer

Level 70
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
5,984
The Reserve Bank of New Zealand, known as Te Pūtea Matua, has suffered a data breach after threat actors hacked a third-party hosting partner.
The Reserve Bank is the central bank of New Zealand and is responsible for creating monetary policy to stabilize prices in the country.

On January 10th, the Reserve Bank disclosed that they had suffered a data breach after attackers illegally accessed data stored at a third-party hosting provider.
"A third party file sharing service used by the Bank to share and store some sensitive information, has been illegally accessed," the notification stated.

Governor Adrian Orr of the Reserve Bank states that the breach has been contained but may have exposed commercially and personally sensitive information.
“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.”
“The system has been secured and taken offline until we have completed our initial investigations. It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational,” Orr said in a statement.
 

silversurfer

Level 70
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
5,984
In a new advisory released yesterday, the Bank states that the attackers breached their Accellion FTA file sharing service.
"A third party file sharing service provided by Accellion called FTA (File Transfer Application), used by the Bank to share and store some sensitive information, was illegally accessed."
"The system has been secured and taken offline while investigations are underway," the Reserve Bank stated in a new advisory.
A statement released by Accellion yesterday states that they became aware of a vulnerability in their legacy FTA service in mid-December, and a patch was deployed to all customers.
"In mid-December, Accellion was made aware of a P0 vulnerability in its legacy File Transfer Appliance (FTA) software. Accellion FTA is a 20 year old product that specializes in large file transfers."
"Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected," Accellion stated in a press release.
 
Top