A KiwiSaver provider, Generate, has had its computer systems breached and the personal information of 26,000 of its customers has been taken.
The Kiwi-owned company said there was an unauthorised and malicious third-party attack, but wouldn't elaborate on how the data was taken.
Money invested with the company is safe, Generate said, as it's held in a separate system. Not all of its 90,000 customers are affected, and all those who are affected have been contacted individually.
"As well as outlining the steps the company is taking in response to this incident, advice has been provided to affected members about what steps they can take to minimise risks associated with inappropriate use of their personal information," the company said in a statement.
Generate apologised and reported the incident to the police, the Privacy Commissioner, Inland Revenue and the Financial Markets Authority.
The company has taken steps to secure the system, its chief executive Henry Tongue said.
"Unfortunately, malicious attacks of this nature are becoming more common both in New Zealand and globally, and constant vigilance is required. We have engaged external cyber security specialists to advise on our immediate response to this situation, as well as to conduct a broader audit and testing of all of our systems," he said.
Generate did not say exactly what information was taken, other than it being personal data held in its online application database.
"As an organisation, we take the protection of our clients' data very seriously, and we unreservedly apologise to all of our members for this situation.
"We are working hard to assist the members who are directly affected by this, and to enhance the security of our systems to prevent this type of incident occurring again in the future," Tongue said.