Privacy Commissioner Issues Notice to Reserve Bank Over Data Leak
The privacy commissioner used his new authority to demand that the Reserve Bank provide an update on progress.
Privacy Commissioner John Edwards ordered the Reserve Bank to provide a report on modifications to its cyber security following a cyberattack last year. Edwards was acting under a new authority provided to him by the stronger Data Protection Act.
According to reports, hackers exploited a vulnerability in a file-sharing application developed by the US company Accellion, which the Reserve Bank used to obtain confidential information from commercial banks and was used to obtain confidential information from banks, says stuff.co.nz. The Reserve Bank had used the application to obtain confidential information from commercial banks. In contrast to other institutions that have been hacked in the same manner, no information concerning the Reserve Bank penetration was revealed through extortion. Because of security concerns, the Reserve Bank declined to discuss the topic of the ransom, although it did not deny that it had paid a ransom in the past.
According to the KPMG assessment, Principle 5 of the Data Protection Act was not adhered to in full
According to John Edwards, Australia's privacy commissioner, he has requested that the Reserve Bank of Australia improve the security of its systems in order to better secure sensitive data. A substantial data breach must be disclosed by law following a revision to the Privacy Act last year, and this is the first such notification to have been made since the change was implemented.
According to a joint statement from Governor Adrian Orr, the Reserve Bank, and the Office of the Privacy Commissioner, the report, which was commissioned by KPMG, revealed numerous instances in which Privacy Principle 5 was not observed. Principle 5 states that organizations that collect, store, or otherwise process personal data must put in place suitable protections to preserve the privacy of their customers.
Orr stated that the Reserve Bank agrees with the conclusions in the Notice of Compliance with the Principle issued by a government body.
He added “We have a detailed programme of work underway to address these,” [...] “This work started shortly after the data breach incident through our business services improvement programme which continues to be a key priority for us here at Te Pūtea Matua.”