Data breach in the New Zealand Reserve; confidential records exposed

New Zealand Reserve Bank executives acknowledged a data breach arising from a cyberattack against a third party hosting company abroad. Also known as Te Petea Matua, this institution is responsible for the issuance of monetary policy for weight control in New Zealand territory.

This weekend, the Reserve Bank revealed that threat actors illegally accessed data stored by this hosting provider: “We have detected illegal access to a file-sharing service employed by our staff,” the notification says. Adrian Orr, governor of the bank, mentioned that the incident was detected and contained as soon as possible, as the scope could be catastrophic.

The report mentions that the New Zealand authorities will continue to work in conjunction with external cybersecurity specialists to provide an adequate response to the incident: “We will continue to determine the nature and scope of any potentially compromised information, although we anticipate that this may include business information and confidential personnel.”

As a security measure, the affected systems were temporarily disconnected: “It will take us some time to understand all the facts related to this incident, we will continue to work with users whose information may be compromised,” Orr added, stating that the bank’s operations remain fully active.

After multiple members of the cybersecurity community requested additional details, the Bank issued a new update just to mention that no further comments would be provided until the investigation was completed. Some experts are in the interest of this incident being related to the wave of denial of service (DoS) attacks that New Zealand suffered a few months ago and even affected the local stock exchange systems, although nothing is confirmed.