By Juha Saarinen on Jun 1, 2021 12:55PM RBNZ governor Adrian Orr. /Supplied Bank made things worse by not adhering to own usage guidelines. The Reserve Bank of New Zealand was hacked after Accellion failed to send out a warning that its File Transfer Appliance (FTA) contained an actively exploited vulnerability with patches available. While Accellion had patches for its FTA product available in December 2020, and was made aware by security vendor FireEye as early as the 16th of that month that the vulnerability was being exploited, RBNZ did not receive notification of the threat. In a commissioned post-mortem, KPMG said that the email tool used by Accellion "failed to send ... notifications and consquently the bank was not notified until January 6 2021."