RBNZ Governor Adrian Orr has said that all stakeholders affected by the recent data breach are currently being notified. RBNZ is also supporting organisations who had sensitive files downloaded. Orr has noted that Accellion, a US cloud solution company, failed to notify RBNZ of a global data breach on its customers. Orr says that RBNZ could have avoided the breach if Accellion had issued a prompt warning. RBNZ has now ensured that external legal advisers are conducting assurance checks as well as having IDCARE, a specialist national identity and cyber support service, provide advice to those affected.
“Governor Adrian Orr says the Bank has completed its assessment of the files illegally downloaded during the breach and is notifying organisations involved. External legal advisers are also providing assurance checks and advice on any personal information which was included in the downloaded files.
“We had no warning to avoid the attack which began in mid-December. Accellion failed to notify the Bank for five days that an attack was occurring against its customers around the world, and that a patch was available that would have prevented this breach.”
“If we were notified at the appropriate time, we could have patched the system and avoided the breach. Our own analysis has identified shortcomings in our processes once the system was breached. The impact this had is part of the review underway.”
“For security reasons, we can’t provide specific details about the number of files downloaded, or information they contain. We have been in regular communication with all organisations who have had files illegally downloaded.
“As a priority, we have engaged with the organisations whose files contained sensitive information, to support them and assist in managing the impact on their customers and staff.
We are working directly with these organisations to determine how many people had sensitive personal information compromised and we will ensure they are well supported.”
The Bank has engaged a specialist national identity and cyber support service IDCARE, to provide advice and support to people affected by the breach at no cost to them. We continue to work closely with the Office of the Privacy Commissioner.” Click here to read more
In other news
RBNZ: Financial stability strengthened by firmer LVR restrictions
Cigna: Cigna reports lower-than-expected profit for Q4