Council's Accellion FTA software was hosted in the cloud and not subject to the first of two breaches.

Whangarei, Northland (Credit: Rob O'Neill)

Whangarei District Council has emerged as another local user of the file sharing software at the centre of the hack of the Reserve Bank of New Zealand (RBNZ).

"There have been some well-publicised issues with one of our vendors (Accellion), where their file sharing software was compromised," a February report on ICT operations to council said.

"While Whangarei District Council was not affected or at risk in any way, we are migrating to a different product in their suite as a precautionary measure."

Asked why the council was not considered at risk, ICT manager Ian Fernandes told Reseller News he understood the Reserve Bank hosted Accellion on its own servers and may not have had the latest version installed.

There were two breaches of the software and the RBNZ was part of the first breach, in December 2020.

"Whangarei District Council was in a different situation because our Accellion FTA service was cloud-based and was hosted and run by Accellion," Fernandes said.

"Our service was proactively shut down by Accellion as a precautionary measure as part of the second breach in January 2021."

FTA is Accellion's twenty-year-old legacy file sharing software, replaced by a new system called Kiteworks, launched in 2014.

Although the second breach did affect the multi-tenanted cloud service for some users, Accellion assured the council it did not affect the council's tenant and its FTA service was not exploited.

"However, as a precautionary measure we migrated to the Accellion Kiteworks cloud service immediately after the second reported breach and decommissioned the old service," Fernandes said.

The council agenda further reported that a number of systems had been migrated from out-of-support servers or decommissioned entirely, removing security concerns, improving council's security footprint and reducing monthly costs.