KiwiSaver hack victim considers legal action

KiwiSaver hack victim considers legal action | Insurance Business

KiwiSaver hack victim considers legal action

A customer of KiwiSaver provider Generate is considering legal action after its recent cyber security incident.

Generate confirmed that hackers were able to acquire sensitive information of around 26,000 members by exploiting the weaknesses in its online application process – seeking not only the applicants’ full name and personal details but also their Inland Revenue Department (IRD) tax number identifications, withholding tax rate, and copies of photographic ID.

John James Campbell, one of the customers affected by the incident, sought legal advice to decide whether to proceed with a case against Generate to receive compensation for the inconvenience and risk of identity theft.

“It would be difficult, but not impossible, to get any real compensation,” Campbell told RNZ. “For the rest of my life, I have to worry about what they [hackers] are going to do with that information.”

Read more: Hackers acquire sensitive information from KiwiSaver provider

Meanwhile, AMP New Zealand offered assurances that protecting their customers’ data is their main priority – highlighting the importance of best-practice cyber-security standards.

“Our clients are in no way impacted. Unfortunately, incidents like these are an increasingly common threat for any company that manages data of any kind, particularly for those organisations [that] do not have robust systems and trained personnel in place to manage any potential threats,” AMP said on its website.

“We employ a dedicated team of security experts and experienced software engineers who design and implement best-practice cyber security standards. They work to maintain a rigorous, ongoing programme of testing and enhancement of our systems to minimise any potential risk, which we constantly review,” it continued.

“We partner with external security experts to further augment our capability to identify and address any potential threats, and we embed security into all of our processes and systems. Protecting client data is something we’re resolutely focused on every day.”