Join Generate KiwiSaver

Join or switch online now in five minutes

Join Generate Managed Funds

Get started investing within ten minutes

Member login

Adviser login

Keep your KiwiSaver account safe with one simple step

Categories

Authors

Published

Read on to find out why Two-Factor Authentication (2FA) is worth setting up today.


Multiple Australian pension funds — including REST, AustralianSuper, and others — have been targeted by a co-ordinated cyberattack. According to Reuters, these attacks led to unauthorised access to thousands of member accounts, with some individuals even losing money from their retirement savings.


These events are a serious reminder of how quickly cybercriminals can strike — and how important it is to secure your accounts.


What happened?


Some of Australia’s largest retirement providers, including REST, AustralianSuper, Hostplus and others, were targeted in a wave of online attacks.


Here’s what we know:

  • The attacks didn’t come through complex hacking of internal systems.
  • Instead, cybercriminals used stolen or reused login details — from data leaks or weak passwords — to gain access through member login portals.
  • At AustralianSuper, passwords for 600 accounts were compromised, and in some cases, funds were stolen.
  • REST confirmed that at least 8,000 members were affected.


This is called a credential stuffing attack, where criminals use leaked passwords from one website to try and access other accounts.


How you can protect your Generate account


While there’s no indication of similar attacks in New Zealand, this is a timely reminder to take action. One of the most powerful ways to protect your account is to enable Two-Factor Authentication (2FA).


Even if someone gets your password, they won’t be able to access your account without a unique code sent to your phone.


Set Up 2FA in Just a Minute:

  1. Log in to your Generate Account
  2. Go to your Profile or Account settings
  3. Select Security Settings
  4. Enable Two-Factor Authentication


Stay cyber safe – always


To help keep your account safe, here are a few extra reminders:


  • Generate will never ask you for your password, PIN, or 2FA code via email, text, or phone.
  • Never share your Generate login details with anyone — not even friends or family.
  • Use a strong, unique password for your Generate account — not one you’ve used elsewhere.
  • If you get an email or message that feels suspicious, contact us directly.


Final thoughts


Cyber threats are growing — and retirement savings are a prime target. The recent Australian attacks show that even major providers can be impacted.


Protecting your KiwiSaver account is in your hands — and 2FA is a great place to start.


If you need help setting it up or have any concerns, our team is here to support you. Stay smart. Stay safe.


Disclaimers