The governor of the Reserve Bank of New Zealand Adrian Orr has issued an apology for the recent "significant" data breach that the central bank suffered.
Unknown attackers exploited a vulnerability in the standalone Accellion File Transfer Appliance (FTA) and illegally accessed sensitive data stored on and shared with the application.
The nature of the data has not been disclosed by the bank, nor the how information was captured.
"We apologise unreservedly to all affected parties for this breach," Orr said.
"I do want to say, I personally own the issue; I am very sorry and I am very disappointed to be here, giving this news," the RBNZ governor added.
Orr said the RBNZ's ongoing investigation shows that the data breach is serious and has "significant" data implications.
He did not however disclose what the implications are and who the affected parties are.
Prior to today's update, Orr said that Accellion had told RBNZ that the compromise wasn't a specific attack on the bank.
Orr said both Accellion and RBNZ are to blame for the data breach.
"While a malicious third party has committed the crime, and we believe service provisions have fallen short of our agreement, the Bank has also fallen short of the standards expected by our stakeholders,” he said.
The twenty-year-old Accellion FTA that was breached has now been secured and closed, he added.
An unnamed third-party has been appointed to undertake a comprehensive general review of the data breach incident, Orr said.
He said the RBNZ will be as transparent and clear as possible as the review progresses, with its terms of reference being released shortly.
In addition, the RBNZ is utilising the New Zealand governments National Security System as part of its handling of the data breach.
Technical details of the breach were not disclosed by Orr however.