Central bank appoints auditing firm to conduct independent review of its systems and processes
The Reserve Bank of New Zealand (RBNZ) has completed its assessment of the files illegally downloaded during a data breach that occurred in December.
In a statement, the central bank said that it appointed auditing firm KPMG to undertake an independent review of its systems and processes and is “notifying the organisations whose files contained sensitive information to support them and assist in managing the impact on their customers and staff.”
Read more: Reserve Bank releases guidance on cyber resilience
In January, RBNZ revealed that its file sharing system, provided by US tech firm Accellion, was illegally accessed, potentially compromising sensitive commercial and personal information collected from regulated agencies – including Word documents and PDFs.
The data breach has also caused the bank to delay the release of key lending statistics – including the latest data on new mortgage commitments, bank customer lending, non-bank lending institutions, and retail interest rates.
However, the bank said that its core functions and New Zealand’s financial system remain sound and it remains “open for business, including market operations and management of the cash and payments system.”
“We are aware of shortcomings in the bank’s processes and systems,” RBNZ said. “The independent review by KPMG will examine the impact of these on the breach, as well as examining the sequence of events until the system was closed.”
RBNZ declined to provide specific details on the breach and affected parties for “security reasons”– however, the banks said it will provide more information regarding this incident “as and when it is appropriate to do so, being mindful not to undermine the KPMG review and criminal and forensic investigations currently underway.”
