Menu
Report: Reserve Bank did not have time to apply patch and avoid hack

Report: Reserve Bank did not have time to apply patch and avoid hack

Reported dates and timings of patch release could indicate little or no opportunity to avoid breach

Credit: Marguerite Hill

A patch from software vendor Accellion was released on December 24 in the US, according to a new report, leaving the hacked Reserve Bank of New Zealand little or no time to implement the fix.

Bleeping Computer, citing sources, said the hack of Accellion's legacy FTA file transfer system, used by the bank to share documents with external stakeholders, occurred on 25 December, US time.

Given the 21 hour time difference between California-based Accellion and its New Zealand customer, the equation to implement the fix only gets more difficult.

In media statements, however, the vendor said it had discovered the vulnerability in mid December and released a patch within 72 hours.

The Reserve Bank - Te Pūtea Matua and Accellion were both asked for comment. Neither opted to add to their previous statements.

The bank was also using what has been described as 20-year-old software rather than Accellion's new Kiteworks file transfer system, which the vendor said has never been breached.

As reported earlier by Reseller News last May, the bank acknowledged under investment in cyber security and other challenges within its IT services in a report signed by chief information officer Scott Fisher.

The report also outlined a new strategy to address the shortcomings.

Consulting on the planned changes, the bank reported it was at "high operational risk" due to technical obsolescence and an underinvestment in security across many of its core technology platforms.

It also said staff lacked the modern digital tools, data and systems required to effectively collaborate and to support informed decision making.

The bank noted its then digital services operating model made it hard for the business to engage with IT, struggled to meet current business demand and had unclear accountabilities.

On Monday, bank governor Adrian Orr said analysis of the potentially affected information was being done with "pace and care".

“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation," he said. 

This included the GCSB’s National Cyber Security Centre which had been notified and was providing guidance and advice.

“We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised," Orr said.

“We recognise the public interest in this incident however we are not in a position to provide further details at this time.”




Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackfile transferAccellionReserve Bank of New Zealanddata breach

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments