Six months after data breach, Reserve Bank chief information officer quits

Six months after the Reserve Bank revealed it was the victim of a major data breach the chief information officer has resigned.

This morning a spokesman confirmed that Scott Fisher, the Reserve Bank’s head of digital services and chief information officer since the startof 2019, was leaving.

Fisher had previously been acting CIO at the Reserve Bank. He was previously head of service operations at the New Zealand Racing Board (TAB) following eight years at the Bank of New Zealand, according to a Reserve Bank statement when he was appointed.

The spokesman has not provided reasons for the departure, whether it was linked to the data reach or whether Fisher has left the bank.

On January 10 the Reserve Bank revealed it was “responding with urgency to a breach of one of its data systems”.

The incident – which saw sensitive data stolen – involved a file-sharing service run by US company Accellion.

In the days following Reserve Bank governor Adrian Orr appeared in a scripted video (the bank did not give a press conference) in which he said he owned the issue.

“We apologise unreservedly to all of those impacted by the breach. Personally, I own this issue and I am disappointed and sorry,” he said.

“While a malicious third party has committed the crime, and we believe service provisions have fallen short of our agreement, the Bank has also fallen short of the standards expected by our stakeholders.”

In May, a public version of a report by consultants KPMG said “potential malicious activity” on the system the Reserve Bank used generated alerts that Reserve Bank support staff did not take action on.

Fisher appeared to have warned the Reserve Bank about its vulnerabilities.

In a May 2020 report Fisher warned there was “high operational risk due to technical obsolescence and an underinvestment in security across many of the core technology platforms”.

Fisher wrote: “Our people lack the modern digital tools, data and systems required to effectively collaborate and to support informed decision-making.”

The report outlined a timetable for new technology solutions to be implemented from June, but six months later, the Reserve Bank was still using the older FTA service as it was compromised.

Source: Read Full Article