Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

KiwiSaver provider Generate members given warning to watch bank accounts after hack

Wednesday, 12 February 2020

Chief executive Henry Tongue said company had taken immediate action to secure the online application system, and was taking further steps to enhance online security.
Chief executive Henry Tongue said company had taken immediate action to secure the online application system, and was taking further steps to enhance online security.

KiwiSaver provider Generate says hackers have obtained personal information about 26,000 of its members.

It said there was unauthorised third-party access to its online application system between December 29 and January 27 and some of its members' information was accessed illegitimately.

That includes names, addresses, IRD numbers, and potentially ID and proof of address documentation.

Member investments are not affected because they are held by Public Trust in a separate system.

In a statement, Generate said it had contacted all of its members individually to confirm whether or not their information was among the data that was inappropriately accessed.

**READ MORE:

* Animates customers' personal information and credit card details compromised in data breach

* The most common scams - and how to avoid them

* How can you know your KiwiSaver money is safe?**

Advice had been provided to affected members about what steps they could take to minimise risks associated with inappropriate use of their personal information. Chief executive Henry Tongue said that included being told to change passwords online, closely monitor their bank accounts and credit cards, notify credit agencies and register for alerts for people registering credit in their name.

It has about 90,000 members in total.

Tongue said the company had taken immediate action to secure the online application system, and was taking further steps to enhance online security.

He did not say how the breach happened but said Generate's immediate priority was to secure the system and work out who was affected.

'Unfortunately, malicious attacks of this nature are becoming more common both in New Zealand and globally, and constant vigilance is required. We have engaged external cyber security specialists to advise on our immediate response to this situation, as well as to conduct a broader audit and testing of all of our systems.'

Generate has reported the incident to relevant authorities, including the Privacy Commissioner, the New Zealand Police, Inland Revenue and the Financial Markets Authority (FMA).

'As an organisation, we take the protection of our clients' data very seriously, and we unreservedly apologise to all of our members for this situation. We are working hard to assist the members that are directly affected by this, and to enhance the security of our systems to prevent this type of incident occurring again in the future,' Tongue said.

Generate has more than $1 billion in KiwiSaver funds under management.

FMA spokesman Andrew Park confirmed it had been informed.

'We issued a review of cyber resilience and preparedness in July 2019. We said that as part of the FMA's role in promoting fair, efficient and transparent markets, we want to ensure financial service providers and consumers are aware of and prepared for cyber-risks, and that providers have proportionate controls to mitigate risks and ensure cyberresilience.'