[BreachExchange] KiwiSaver provider reveals hackers have stolen customers' data

[Destry Winant]

https://www.newshub.co.nz/home/money/2020/02/kiwisaver-provider-reveals-hackers-have-stolen-customers-data.html

A KiwiSaver provider, Generate, has had its computer systems breached
and the personal information of 26,000 of its customers has been
taken.

The Kiwi-owned company said there was an unauthorised and malicious
third-party attack, but wouldn't elaborate on how the data was taken.

Money invested with the company is safe, Generate said, as it's held
in a separate system. Not all of its 90,000 customers are affected,
and all those who are affected have been contacted individually.

"As well as outlining the steps the company is taking in response to
this incident, advice has been provided to affected members about what
steps they can take to minimise risks associated with inappropriate
use of their personal information," the company said in a statement.

'Sweeping intrusion': Chinese military members charged for hacking 150
million Americans' data
Cyber experts not convinced Treasury was hacked

Generate apologised and reported the incident to the police, the
Privacy Commissioner, Inland Revenue and the Financial Markets
Authority.

The company has taken steps to secure the system, its chief executive
Henry Tongue said.

"Unfortunately, malicious attacks of this nature are becoming more
common both in New Zealand and globally, and constant vigilance is
required. We have engaged external cyber security specialists to
advise on our immediate response to this situation, as well as to
conduct a broader audit and testing of all of our systems," he said.

Generate did not say exactly what information was taken, other than it
being personal data held in its online application database.

"As an organisation, we take the protection of our clients' data very
seriously, and we unreservedly apologise to all of our members for
this situation.

"We are working hard to assist the members who are directly affected
by this, and to enhance the security of our systems to prevent this
type of incident occurring again in the future," Tongue said.