Generate Data Incident
We can help if you are worried or would like to change KiwiSaver providers
The recent data incident at Generate highlighted the risks that government, businesses and individuals face from cyber-attacks.
While Generate has worked hard to support impacted people since the attack (see email excerpt below), some of my clients have asked can I recommend another KiwiSaver provider for them to switch to. The short answer is absolutely, so please get in touch and we’ll help you through the change.
Hi Cam
Firstly, my sincere apologies for this incident and for the repercussions to your clients. This incident should not reflect poorly on your adviser business as our advisers have no involvement or liability for this incident.
We sincerely apologise to all members for this incident and we hope that these offers and other steps we have taken in this ongoing breach response from Generate help to demonstrate to all of our members how valued they are to us.
Please feel free to pass on our comments to your customers including group scheme contacts.
We have notified all relevant authorities about this incident, including the FMA, the police, Cert and the Privacy Commissioner.
We followed the correct protocol from there to secure the systems, identify what was taken and then notify those affected. We went proactively to the media with the notification to make sure we got the message out to as many people as possible, as quickly as possible, to minimise the risk for clients. We employed IDCARE.ORG to provide specialist third party ID advice to our affected members. We provided the IDCARE call centre and our own incident response call centre to help clients.
We have identified the IRD on members' behalf and they have flagged the relevant IRD number as having personal data compromised. We have arranged for both Centrix and Equifax to apply for credit suppressions on members behalf with their authority. Further, we have listened to our clients who said that indefinite credit suppressions were too inconvenient so we have offered to reimburse all those affected for the cost of replacement ID. Replacing ID significantly reduces the risk of harm from identity theft. We have done far more than the minimum requirements because we value our clients.
Having secured the system affected and we now have third party experts conducting intensive testing and improvements. We will not be making these public as we do not want to give the bad actors any insight into our systems. Unfortunately, malicious attacks of this nature are becoming more common both in New Zealand and globally, so constant vigilance is required and we are taking longer-term steps to further strengthen the security of our systems. This is a key priority for us alongside continuing to perform strongly as an investment manager to deliver results for our members.
Thanks & Regards,
Carl Pheasant
Business Development Manager, Generate