Posted on February 13, 2020 at 12:18 PM
Reports reveal that some hackers have infiltrated into the KiwiSaver customer portal and stole photographic IDs of 10,000 customers in the portal. The report confirmed that the hack was perpetrated over the Charismas and New Year period where the most sensitive section of the website was raided.
Generate, KiwiSaver provider, revealed today that about 26,000 of its 90,000 customers have been victims of cyber-theft over the last seven-year. These numbers were subject to the different private data leaks, including their personal names and addresses, tax department number, as well as photographic identification. However, the company stated that only 10,000 accounts were affected in the recent hacking activity. It said the hackers stole the visual identification of the affected customers.
Investors’ funds were not affected
Henry Tongue, Generate’s CEO, said the company has contacted its members and verified whether their IDs were part of those that were stolen. He also stated that investors’ funds were not at risk.
Generate said investors’ funds are safe, although the affected customers may be vulnerable because the stolen ID information can be used to perpetual other online identity frauds from organized crime to online purchases.
Security actions are taken to prevent the use of stolen ID
The company has reported to the Internal Revenue Department, which has responded by placing stringent security measures to prevent the hacked information from being used. Generate further pointed out that there has not been any incident where the stolen IDs were used and the hackers have not accessed the Inland Revenue system yet.
The company has reiterated that it will take proactive measures to make sure its system is safe from further vulnerabilities.
However, the government agencies responsible for issuing drivers’ licenses and passports stated that they would not be able to find out whether the stolen ID has been misused unless the real owners report to them. They stated that the wrong people could be using their IDs for online transactions or other activities, but is the owners report any case, it would help them to identify and prevent further use of their IDs.
However, the government agencies that issue passports and drivers’ licenses advised that they have no way to check whether affected Generate customers’ documents are being misused unless the holder cancels them.
Generate also informed those who are concerned their license may have been misused to contact the respective issuing organization to get their old license canceled and get a new one. After the cancelation of the old one and the issuance of the new license, the old one becomes useless to whoever has it.
The extent of breach not disclosed
Generate has not disclosed the level of breach the portal has suffered but revealed that hackers stole the personal information of some of its members.
The department of Internal Affairs also advised in line with Generate’s statement. It said if there is any customer who feels their ID and personal information has been compromised, the best solution is to contact the Internal Affairs to get a new one and render the former one obsolete.
The application process of Generate usually seeks vital personal information from the customers. Apart from the personal address details and full names, it also requires the customers to provide their withholding tax rate, tax number identification, as well as copies of their photo identification. The duplicated copy could either be their drivers’ license or passport.
Based on Generate’s claims, the company has the 10th highest number of KiwiSaver customers, with about $1.8 billion customers’ savings under its control. KiwiSaver is a $63.1 billion market and based on these statistics, Generate has a 2.9% share in the market.