The Reserve Bank (RBNZ) won’t collect data it routinely gathers from the financial institutions it regulates until next month, following a major data breach.
The attack, which the RBNZ alerted the public to on January 10, targeted the file-sharing software it used. This was provided by a third-party - Accellion.
The RBNZ says it will only resume collecting data from the likes of banks and non-bank deposit-takers when it implements a new secure file transfer system.
Consequently, the publication of most of the RBNZ’s statistical releases will be postponed by three to four weeks.
Bad timing
The halt in information gathering and publication comes as the Government considers ways of cooling housing demand - potentially by requiring the RBNZ to give greater consideration to house prices through the way it regulates banks.
The Government is mulling whether to enable the RBNZ to prevent banks from lending to property buyers seeking to take out a lot of debt versus their incomes.
The data hold-up also comes as the RBNZ consults on its proposal to, in March, reintroduce the same loan-to-value ratio (LVR) restrictions that were in place before it removed them last year.
And, it comes ahead of the RBNZ releasing its quarterly Monetary Policy Statement on February 24.
The Monetary Policy Committee will be interested in seeing how its stimulus is flowing through the banking system. IE the extent to which it continues to be property buyers, not businesses, making the most of low interest rates by borrowing up a storm.
The details
At this stage, statistics affected include:
- Bank customer lending (C65 & C66): delayed from 12 January
- Credit card balances and spending (C12 & C13): delayed from 26 January
- New mortgage commitments - Loan to Valuation Ratios (C30-C35): delayed from 29 January
- Bank Balance Sheet (C5, C50-52, S10-41): delayed from 29 January
- Non-bank Lending Institutions (T1, T4, T11, T21, T31): delayed from 29 January
- Bank Liquidity (L1-3): delayed from 5 February
- Retail interest rates (B3, B6, B20, B21, B25-27): delayed from 5 February
The RBNZ said: “We expect other publications scheduled for February and March to also be affected, including the December 2020 quarter Bank Financial Strength Dashboard (scheduled for release on 3 March).”
Unaffected statistical releases include:
- Exchanges rates and TWI (B1)
- Wholesale interest rates (B2)
- Debt securities (D9-35)
- Reserve Bank (D3-12; F3-5; R1-3)
- Household inflation expectations (M13)
- Survey of business expectations (M14)
The RBNZ said: “It is important to note that no data has been lost and no publications will be cancelled. We have advised our data suppliers to prepare survey returns as normal.”
Compromised files identified
RBNZ Governor Adrian Orr gave the following update on the data breach: “With the assistance of New Zealand and international police, and forensic security specialists, the cause of the breach is now understood and resolved. The system is closed.
“Significantly, we have a good understanding of the scope of the breach.
“Based on the results of our investigation and analysis to date we have been able to tell stakeholders which of their files on the File Transfer Application (FTA) were downloaded illegally during the breach.
“This prioritised analysis is continuing and we are supporting stakeholders to manage risks and respond appropriately.
“We are also keeping the Office of the Privacy Commissioner regularly informed and we’re taking its guidance.
“The Bank’s core functions are unaffected, sound and operational.
“I’m pleased with the way the Bank has stepped up in responding to this breach, and I’m thankful for the support of our public and private sector partners, but I am disappointed and sorry this data theft has occurred.
“There are some serious questions that have been answered by the team at the Bank and there are more for the supplier of the system that was breached. That is the subject of an independent review by KPMG that is now underway.
“I will provide an update on the review process next week.”
25 Comments
Best time to do it. Can plead ignorance as no bank data available. Banks in the mean while can keep going on the lending spree as RBNZ doesn't have the data to reign them in.
That RBNZ can't come up with an interim solution to get the data is pathetic. They've had sufficient time.
The fault lies squarely with the rbnz failing to upgrade to a secure version of their file software. You don't let your locks rust off a vault and then complain when a thief takes the contents. That's just negligence.
To double down and use negligence as an excuse to delay crucial reporting in a time of great economic uncertainty is synical at best.
https://www.reseller.co.nz/article/685463/hacked-reserve-bank-acknowled…
Thanks for the link. That sort of thing is all too common unfortunately. Anyone remember the Equifax hack?
https://www.zdnet.com/article/equifax-confirms-apache-struts-flaw-it-fa…
https://en.wikipedia.org/wiki/2017_Equifax_data_breach
Wow. If they can't securely transfer files - what hope do the rest of us have doing that? Maybe we should shutdown this internet thing - sounds pretty hard and dangerous, certainly not something you want to be doing your everyday banking over.
Unexpected also, you just can't make this stuff up, always seems to be the worst possible time, just as they had exuberant resi-lending and the MPS to consider.
That being said, I'm confident there are reasons that we need this central bank .
They cannot be fired remember? The government says they are fully independent, so they answer to nobody. Not the public, not the finance minister, not the government.
Of course, that's not what the RBNZ Act says, the gubbmint just declares that is so because it allows them to not look responsible for the damage they cause.
In March 2020 just when the housing market seemed to weaken, RBNZ acted immediately to pre-empt it. But, now with house prices actually spiking, the same urgency seems to have dissipated. We also have the Min of Finance having the luxury of thinking about it "over summer".
Does RBNZ really neef data to gauge the housing msrket
No one is interested in the housing ponzi to stop be it government, RBNZ or any experts and do find excuse to not taking any action or if forced comes with announcement that will look into afte 6 months or 3 months... deflacting as no intent to take action.
You can Enter Your E-mail Addressed at Have I Been Pawned: https://haveibeenpwned.com
It will tell you IF and how many times your email address has been sold and/or leaked-in-data-breaches. The site references your details against known/commonly available lists of hacked/pawn details.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.