New Zealand’s central bank said on Sunday that one of its systems had been breached by an unidentified cyber attacker.
Commercially and personally sensitive information may have been accessed, according to the institution, which also said it was responding with urgency.
The Reserve Bank of New Zealand (RBNZ) said in a statement that a third-party file-sharing service used to share and store sensitive information was accessed.
— Reserve Bank of NZ (@ReserveBankofNZ) January 10, 2021
RBNZ governor Adrian Orr said it would take time to understand the full implications of the breach, but that it had been contained.
Orr said: “We are working closely with domestic and international cybersecurity experts and other relevant authorities as part of our investigation and response to this malicious attack."
In February of last year, the bank said in a report cited by Reuters that the expected cost of cyber incidents for the banking and insurance industry was between NZD80m ($58m) and NZD140m per year.
The bank said in that report: “More extreme events have a low probability but are still plausible.”
The attack comes after the country’s stock exchange was the target of ditributed-denial-of-service attacks, which overwhelmed its website and forced trading to halt in August. At the time, the country utilised its spy agency and put into action security crisis plans. The attacks persisted for four days.
Bank of England governor Andrew Bailey in November urged cooperation between jurisdictions on cyber attacks and risks to central banking.
Speaking in an online panel discussion, Andrew Bailey said cyber risk was the “quintessential risk which knows no borders.”
“We see cyber risk both taking the form of disruption but also the theft of data and/or information,” he said.
Watch: Will interest rates stay low forever?