The access happened between December 29, 2019 and January 27, 2020.

It does not affect members’ investments, which are held by Public Trust in a separate system.

This affects approximately 26,000 of the 90,000 members that have joined Generate over the past seven years. Generate has contacted all of its members individually to confirm whether or not their own personal information is among the data that was inappropriately accessed.

As well as outlining the steps the company is taking in response to this incident, advice has been provided to affected members about what steps they can take to minimise risks associated with inappropriate use of their personal information.

Chief executive Henry Tongue said the company had taken immediate action to secure the online application system, and is taking further steps to enhance online security.

"Unfortunately, malicious attacks of this nature are becoming more common both in New Zealand and globally, and constant vigilance is required. We have engaged external cyber security specialists to advise on our immediate response to this situation, as well as to conduct a broader audit and testing of all of our systems."

Generate has reported the incident to relevant authorities, including the Privacy Commissioner, the New Zealand Police, Inland Revenue and the Financial Markets Authority.

“As an organisation, we take the protection of our clients’ data very seriously, and we unreservedly apologise to all of our members for this situation. We are working hard to assist the members that are directly affected by this, and to enhance the security of our systems to prevent this type of incident occurring again in the future,” Tongue said.