Security News > 2021 > January > New Zealand Reserve Bank breached using bug patched on Xmas Eve
A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day.
In a new advisory released yesterday, the Bank states that the attackers breached their Accellion FTA file sharing service.
"A third party file sharing service provided by Accellion called FTA, used by the Bank to share and store some sensitive information, was illegally accessed."
According to our sources, Accellion released the patch on December 24th, 2020, and that the Reserve Bank of New Zealand suffered the breach on December 25th. With there being a 21 hour time difference between Accellion's California location and New Zealand, the breach likely occurred at around the same time or before the patch was released.
While Accellion has stated that they continue to support the legacy FTA application, based on Internet Archive snapshots, Accellion has been advising customers to migrate to their new Kiteworks platform since at least December 2019.
BleepingComputer has contacted both the Reserve Bank and Accellion with further questions but has not received a response.