Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Hacked KiwiSaver member: We're already victims

Thursday, 20 February 2020

Members of Generate KiwiSaver who had their data stolen by hackers are considering their legal options.

The scheme revealed last week that, earlier in the year, personal data about 26,000 members was accessed by third parties.

That included names, addresses, dates of birth, tax codes and, for about 10,000 of them, their identification documents.

One, James Campbell, said he had been the victim of data theft in the past. Scammers had accumulated so much debt in his name that he could not even get a phone on account, he said.

**READ MORE:

* Generate to replace IDs, waive fees for hacked KiwiSaver members

A Facebook group has been set up for people affected by the Generate hack.
A Facebook group has been set up for people affected by the Generate hack.

* $500 gone from bank account, Generate KiwiSaver member blames hack

* KiwiSaver provider Generate members given warning to watch bank accounts after hack**

'When this happened, I was really upset. They sent an email and it went to spam, the same day they sent out a press release.'

He said he felt he had not been able to get any clear answers from anyone at the KiwiSaver provider.

It agreed this week to pay for replacement identification for people whose documents had been accessed, and to waive its $36 annual fee for others, but said it was under no obligation to do so.

Campbell has set up a Facebook group, Generate KiwiSaver Victims, for others who have been affected. He has also had an initial meeting with a lawyer to discuss what their options could be.

Many of the Generate members in the group have discussed changing KiwiSaver provider.

'They're all saying the same thing, they're handing this by way of press release. They are minimising the hell out of what's happened,' Campbell said.

'I drive for a living and my employer gets notifications of anything adverse on my licence. So if people are running around with a copy of that, that can have huge implications for me and my employment.'

Campbell said there were costs beyond the replacement licence. He said he would probably have to pay to have his credit file suppressed – a tactic used to prevent fraud victims from getting bad credit – for the rest of his life.

He said Generate had advised what they should do if they did not want to become victims of identity theft. 'But we are already victims. They have got my driver's licence.'

Martin Cocker, chief executive of Netsafe, said there could be a 'long tail' of risk for people who had their information stolen because it could be used even after the documents themselves had expired.

'People are right to be angry about an organising leaking this sort of data about them.'

But he said there was no precedent for a company that had been the victim of an attack such as this to offer compensation for the harm caused.

He said the risk could be limited because the documents would have to be used in New Zealand, and probably in person, for someone to obtain credit.