Reserve Bank of New Zealand (RBNZ) governor Adrian Orr has issued an apology for the recent data breach that hit the central bank through a file-sharing application.
“We apologise unreservedly to all of those impacted by the breach. Personally, I own this issue and I am disappointed and sorry,” Orr said.
“Our investigation makes it clear we are dealing with a significant data breach. While a malicious third party has committed the crime, and we believe service provisions have fallen short of our agreement, the Bank has also fallen short of the standards expected by our stakeholders.”
According to Orr, New Zealand’s financial system and institutions remain sound, and the file transfer system involved in the breach has been secured and closed. A detailed forensic cyber investigation is being conducted, and RBNZ is working directly with affected stakeholders whose information may have been breached.
“We recognise the public interest in this incident and we acknowledge there are serious questions that need to be answered about how this incident occurred and how to strengthen our systems and processes,” he said.
“In addition to the forensic cyber investigation currently underway, we have appointed an independent third party to undertake a comprehensive general review of this incident. We will be as transparent and clear as possible as this progresses, and [we] will release the review’s terms of reference shortly.”
RBNZ has put up a dedicated webpage detailing its response to the breach as well as an email service for those who want to receive updates.