What happened
In late 2020 / early 2021 the Reserve Bank of New Zealand disclosed that a third-party file-transfer application (Accellion FTA) it used had been illegally accessed, exposing commercially and personally sensitive information held in that service [rbnz]. The Bank commissioned an independent review and reported the incident to authorities. The number of individuals affected was not officially quantified and is not estimated here.
Timeline
- 2020-12 β Accellion FTA file-transfer service compromised (global supply-chain attack) [rbnz].
- 2021-01 β RBNZ publicly disclosed the breach and began its response [rbnz].
Current status
Resolved, following an independent review and remediation. [rbnz]
Why it matters
A textbook supply-chain breach: the Bank itself wasnβt hacked directly β a widely-used file-transfer tool was β showing how third-party software can expose even a central bank.