Reserve Bank drops Accellion after hack, rolls out Box

Reserve Bank drops Accellion after hack, rolls out Box

The Reserve Bank appears to have written off work on its Accellion software upgrade.

Adrian Orr (Reserve Bank of NZ)

Adrian Orr (Reserve Bank of NZ)

Credit: Supplied

The Reserve Bank of New Zealand – Te Pūtea Matua – is ditching its Accellion file sharing system in favour of software from California-based Box.

The shift comes after the bank became a high-profile victim of a global breach of Accellion's legacy software, called FTA, over the Christmas period in 2020. 

The bank was in the middle of an upgrade from FTA to the latest Accellion product, Kiteworks, when the breach was discovered. 

The upgrade started in September 2020 and was expected to be completed in March 2021 at a cost of $277,000, the bank reported to Parliament's finance and expenditure committee last December. However, the project was subsequently shelved at a cost of $241,000.

An ugly dispute erupted between the bank and the vendor in the wake of the breach over the timings and methods Accellion used to notify and rectify it.

The bank was also found wanting, however, after Reseller News published details of an internal report from then-CIO Scott Fisher warning of "high operational risk" due to technical obsolescence and an underinvestment in security across many core platforms.

In September last year it also became the first organisation to be hit with a compliance notice by the Privacy Commissioner.

The bank told Reseller News work to identity a suitable file transfer system began in mid-2021. Box was chosen after a competitive tender and thorough evaluation completed towards the end of the year, it said.

The project, which was being implemented internally, was ongoing with users being on-boarded in phases so final costs were yet to be confirmed.

"Box is a modern file sharing and collaboration solution that provides a secure file transfer service," the bank told Reseller News.

A review of the breach by KPMG, released last May, also identified problems in the way the bank had been using Accellion. The bank declined to comment when asked how it would control the use of its new system.

The bank said no settlement had been sought from Accellion, which rebranded as Kiteworks last October. "Te Pūtea Matua’s priority has been to select, test and implement the new secure file transfer system to meet operational business needs," it said.

Reserve Bank governor Adrian Orr told the committee the bank had effectively responded to the breach.

"Lessons have been learnt and been guided by the independent report from KPMG, and we continue to roll out, I would say, a multi-year programme to implement systems and process improvements," he said. "We also remain in regular contact with the Office of the Privacy Commissioner."

By May last year, costs associated the hack had reached $3.5 million.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags file sharingReserve BankAccellioncyber securitysecurityKiteworks


EDGE 2024

Register your interest now for EDGE 2024!



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments