The super fund manager reported the data breach to the authorities.
KiwiSaver and pension fund manager Booster is warning 7,566 of its savers to be on alert for fraudulent calls and phishing emails after a massive data breach.
The names, addresses, emails, phone numbers and pension balances of its SuperScheme savers were hacked after a serious security breach by an employee.
The employee’s laptop had been compromised by hackers, and when she accessed Booster’s system remotely, they were able to retrieve the savers’ data.
Booster is apologizing to its savers via email and letter, and some may not yet know that their details are in the hands of bad actors.
No passwords or personal identification documents were hacked, said Di Papadopoulos, chief customer officer of Booster.
She said the 7,566 people should be vigilant as they could now be targeted by scam callers and phishing emails.
“Booster apologizes and deeply regrets the impact this incident has had on our customers. We want them to know that we are doing everything we can to respond to this incident,” Booster President Paul Foley said.
Cybercrime is the second least reported crime, after sexual assault, according to the Crime and Victims Survey.
Booster would not comment on the disciplinary action the employee faced.
The company just completed safety training for staff, Papadopoulos said.
The employee’s own bank accounts were compromised.
None of Booster’s KiwiSaver customer details were compromised, Papadopoulos said.
The Privacy Commission and the Financial Markets Authority have been notified, she said.
“We are completely disgusted,” she said.
Any concerned Booster saver should call for advice, Papadopoulos said.
Booster’s security systems were robust and the breach occurred as a result of human error, she said.
Booster was telling members to be on the lookout for scams or phishing exercises, Foley said.
“We are confident this is an isolated incident resulting from a member of staff not following the correct procedure,” he said.
“We will notify customers if further relevant information comes to light.”
He said Booster does not allow any employees to store customer information on personal computers.
“In this case, a member of staff had accessed the system from his personal computer. Booster is clear that this is not standard practice and should not have happened as it then allowed a hacker to control the first step of the login process, using a saved password,” he said.
“Additionally, the second security step of the login process was not effective due to human error.
“The security of our customers’ data and investments is our primary concern. We understand the inconvenience this situation may cause and we are truly sorry,” he said.