itb-nz logo
Story image

KiwiSaver firm Generate hit by data breach

13 Feb 2020

KiwiSaver provider Generate has published details of a breach that has affected approximately 26,000 of its 90,000 customers, putting personal information at risk.

Between 29 December 2019 and 29 January 2020, the company alleges that an ‘unidentified’ third party gained access to its online application system and captured personal information belonging to some of its members.

KiwiSaver investment funds were not affected in the breach, because they are held in a public trust on a different system.

While some worry that the stolen personal information could be used to make fraudulent KiwiSaver withdrawals, Generate says there is no evidence this has occurred so far. Additionally, the company has put in additional security measures to stop it from happening.

The stolen information could also be used to commit identity theft. To prevent identity theft, Generate suggests that customers:

  • Change passwords across all online services to strong ones that are hard to guess
  • Closely monitor credit cards and bank accounts for suspicious transactions
  • Contact the credit agencies and register for alerts that inform you if someone tries to get credit in your name.

Generate says it has notified customers as to whether their information was stolen in the breach. Current passwords were not affected.

The company says, “If you are a Generate member, you should have received an email that clearly states whether or not your personal information was accessed. You can also safely log in to your account for specific information on what personal data of yours was accessed. If you have not received an email from us, or you still have questions, please call 0800 086 086 to speak with our team.”

Generate explains that as soon as it was made aware of the breach, the company immediately strengthened security of its online applications website, and its wider IT systems.

“Our next immediate focus was to identify which of our members’ data was accessed and exactly what data was involved. This enables us to provide clear and accurate information to each member.”

“In addition, we have been working closely with external cyber security specialists to fully investigate the circumstances of this incident and advise us on any further steps we should take.”

Generate is also working with IDCARE, an independent identity and cyber security organisation, to provide you with specialist advice and assistance. 

Generate customers can contact IDCARE via the referral code KWB-IDC20 either through its online Support Request Form (https://www.idcare.org/contact/get-help) or by calling 0800 201 415 during business hours (Monday to Friday 10:00am – 8:00pm NZST). 

Generate has also notified the Financial Markets Authority, Inland Revenue, the New Zealand Police, and the Privacy Commissioner.

“As an organisation, we take the protection of our members’ data very seriously. Unfortunately, malicious attacks of this nature are becoming more common globally,” Generate states. 

“In response to this incident, we have already taken a number of actions to further strengthen our security, and are implementing an ongoing programme of testing and refinement of our systems. Notwithstanding this, we sincerely apologise to our members who have been affected.”

Story image
One Identity & Ping Identity join forces on identity management
The partnership brings together Ping Identity's access management technology with One Identity’s identity governance and administration (IGA) technology.More
Story image
Attivo named by Gartner as Sample Vendor for deception platforms
The company was named as an example of platforms that create false artifacts to aid threat detection in Gartner’s 2020 Security Ops Hype Cycle report.More
Story image
Video: 10 Minute IT Jams – Who is Talend?
The company’s Data Fabric offers a full suite of cloud apps in data integration and data integrity. These apps help organisations to make the most of the data they generate and consume.More
Story image
B2B buyers more likely to buy from vendors with digital purchasing channels - report
Procurement and purchasing leaders have steadily been shifting purchasing from traditional reliance on sales reps to self-serve ordering through digital channels, and COVID-19 has dramatically accelerated this shift..More
Story image
Cognizant snaps up Microsoft specialists New Signature
Cognizant has acquired New Signature, a cloud-native business focused on Microsoft public cloud transformation. According to a statement, the acquisition will enable Cognizant to further grow Microsoft cloud solutions.More
Download image
Ultimate security: The best authentication just got better
Cloud applications can hold sensitive data, and top-notch authentication is key. But having separate tools for separate applications can be cumbersome - here's how to overcome that.More