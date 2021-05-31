



The Reserve Bank says that a report by KPMG of the cyber attack on one of its computer systems last year identified failures that it began to act on. The central bank announced in January that a file-sharing system it used to receive confidential information from banks had been illegally accessed due to a vulnerability in the product, provided by US software company Accellion. Reserve Bank Governor Adrian Orr said the central bank had taken full responsibility for the shortcomings identified in KPMG’s report into the incident, a public version of which was released on Monday. We were too dependent on Accellion to alert us to any vulnerabilities in their system, he said. READ MORE:

In this case, the notifications they sent to us did not leave their system and therefore did not reach the Reserve Bank before the breach. We have not received any prior warning. KPMG said controls and practices within the central bank that could have reduced the impact of hacking needed to be improved, and Orr said work was underway. I am disappointed with the incident and the impact it had on people, including our own team. However, I am convinced that we have responded with urgency, precision and care, he said. Robert Kitchin / stuff Reserve Bank Governor Adrian Orr: We were overly reliant on Accellion to alert us to any vulnerabilities in their system. (File photo) A number of other organizations around the world have also had data stolen due to the Accellion vulnerability, some of which then saw this information uploaded online by a ransomware gang. Last month, the Reserve Bank declined to say if it paid a ransom or if it had any information anyway on whether any of the banks whose data was stolen did. He also wouldn’t speculate on why the data of other Accellion victims was posted online by extortionists, but not the data involved in the reserve bank breach. We do not comment on the subject of ransoms for security. This includes comments on other data breach reports, the Reserve Bank said in response. The Reserve Bank estimates that the hack will have cost it $ 3.5 million, including in staff time.

