You are not permitted to download, save or email this image. Visit image gallery to purchase the image.
RBNZ Governor Adrian Orr said the file sharing service, used by the bank to share information with external stakeholders, has been taken offline during investigations and that it would take time to determine the full impact of the breach.
"We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file-sharing application were also compromised," Orr said in a statement.
RBNZ declined to provide further details on who was behind the attack and how it was discovered, saying such information could affect the investigation and efforts to contain the breach.
"Our core functions and New Zealand’s financial system remain sound," Orr said.
"This includes our markets operations and management of the cash and payments systems."
This breach comes just months after New Zealand's stock exchange operator was targeted in a series of distributed denial of service attacks that overwhelmed its website.
Dave Parry, Professor of Computer Science at Auckland University of Technology, said the attack on RBNZ was more sophisticated than the one on the exchange, and that the possibility of state-backed actors' involvement could not be ruled out.
"Past attacks have been identified as state-backed so the Government would be looking closely into this," he said.
RBNZ has said it was working with domestic and international cyber security experts to investigate the incident.
There has been an escalation in cyber attacks over the past year, with the Government's Computer Emergency Response Team saying attacks reached a record high last year.
Accellion did not immediately respond to request for comment.