Generation Life confirms personal information leaked in cyber incident

Generation Life has provided an update regarding a cyber incident that took place in April, confirming information of a "limited number" of individuals has been impacted.

The business suffered a cyber incident that involved an unauthorised third-party accessing part of its system via an external service provider on 27 April 2026. It later confirmed the third party was disguised as 'Generation Life' which claimed to have accessed some of its data in a separate update on 17 May 2026.

Following a detailed investigation and data review, Generation Life is now "notifying individuals whose personal information has been confirmed as impacted."

It did not confirm the number of individuals affected.

"This relates to a limited number of individuals. To protect the privacy of those individuals, and because we are communicating directly with them regarding their particular circumstances, Generation Life will not be providing further public detail on the number of people affected or the nature of the personal information involved," Generation Life told Financial Standard.

"Since the incident was first identified, we have been working closely with specialist cybersecurity and forensic experts to assist with the investigation and response."

The update confirmed there has been no access to the core systems responsible for investment activities or any unauthorised transactions. Client investments and funds have not been impacted, and its service continued to operate per normal.

The company has since increased its transaction monitoring and controls as a precautionary measure.

Generation Life has also notified relevant government authorities and regulators, including the Australian Prudential Regulation Authority (APRA), the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and the National Office of Cyber Security (NOCS).

Generation Development Group, the parent company of Generation Life, confirmed in April other subsidiaries Evidentia Group and Lonsec Research & Ratings were not affected.

Last month, the annuity provider named Norlena Brouwer as its chief risk officer. She spent over a year as head of business risk and compliance for enablement, transformation and performance at Aware Super.