(Adds details)
WELLINGTON, Jan 11 (Reuters) - New Zealand's central bank said on Monday a cyberattack that breached its data systems also affected other users of a third-party application and that it was not a specific target of the hack.
The Reserve Bank of New Zealand (RBNZ) said a file sharing service provided by California-based Accellion was illegally accessed.
RBNZ Governor Adrian Orr said the file sharing service, used by the bank to share information with external stakeholders, has been taken offline during investigations and that it would take time to determine the full impact of the breach.
"We have been advised by the third party provider that this wasn't a specific attack on the Reserve Bank, and other users of the file-sharing application were also compromised," Orr said in a statement.
RBNZ declined to provide further details on who was behind the attack and how it was discovered, saying such information could affect the investigation and efforts to contain the breach.
"Our core functions and New Zealand's financial system remain sound," said Orr.
"This includes our markets operations and management of the cash and payments systems."
This breach comes just months after New Zealand's stock exchange operator was targeted in a series of distributed denial of service attacks that overwhelmed its website.
Dave Parry, Professor of Computer Science at Auckland University of Technology, said the attack on RBNZ was more sophisticated than the one on the exchange, and that the possibility of state-backed actors' involvement could not be ruled out.
"Past attacks have been identified as state-backed so the government would be looking closely into this," he said.
RBNZ has said it was working with domestic and international cybersecurity experts to investigate the incident.
There has been an escalation in cyberattacks over the past year, with the government Computer Emergency Response Team saying attacks reached a record high last year.
Accellion did not immediately respond to request for comment.