The Reserve Bank (RBNZ) was warned about a critical security problem in its file-sharing service before it was breached, according to a third party.
The service run by Californian company Accellion told its customers, including the RBNZ, of the high priority problem in mid-December and offered a solution, known as a patch.
The RBNZ could not confirm if it downloaded the patch at the time when asked on Tuesday morning.
Accellion said in a statement fewer than 50 customers which used the compromised file sharing service were affected.
The problem was deemed a 'P0' issue, which is the highest level of concern and requires an immediate fix.
"While Accellion maintains tight security standards for its legacy product, we strongly encourage our customers to update... for the highest level of security and confidence."
The RBNZ used the legacy system to store and share some sensitive confidential information with its stakeholders, such as banks and insurance companies.
It had not yet determined what information was stolen in the hack.
The RBNZ secured the system and took it offline on Sunday when it publicly revealed the breach.
Newshub understands the spy agency, the Government Communications Security Bureau, emailed cyber security experts on Monday morning warning other possible users that Accellion’s services had been linked to 'unauthorised access'.
However, the hack was not believed to have directly targeted the Reserve Bank.
"We have been advised by the third-party provider that this wasn't a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised," RBNZ Governor Adrian Orr said in a statement.
"We recognise the public interest in this incident however we are not in a position to provide further details at this time."