New Zealand’s central bank revealed on Sunday that one of its data systems has been breached by an unknown hacker and that some commercially and personally sensitive information might have been compromised.

In a statement regarding the incident the Wellington-based bank said that a third-party file sharing service used by the Reserve Bank of New Zealand to share and store sensitive information was illegally accessed.

Reserve Bank of New Zealand governor Adrian Orr said the breach has been contained and that the bank’s “core functions remain sound and operational.”

“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” Orr said.

“The system has been secured and taken offline until we have completed our initial investigations. It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed,” he added.

The bank did not share details on when the breach took place or how the attackers have compromised the system.

In the past year, several major organizations in New Zealand had been hit by cyber attacks, including the New Zealand Stock Exchange, which had suffered a DDoS attack from abroad in August 2020 that halted its operations for two days. While the DDoS attack impacted traders, users’ financial or personal information was not compromised.