KiwiSaver and superannuation fund manager Booster have apologised following a hacking incident this week, revealing some customer's personal information.
Booster said it was investigating the extent of the incident, in a statement on its website.
All affected customers had been contacted.
"No KiwiSaver or investment clients were affected in any way.
"We are currently investigating to understand the exact extent of what has occurred but are confident this is an isolated incident."
In a customer email seen by RNZ, Booster apologised and said a staff member's personal computer had been hacked, revealing personal details for some customers.
Information includes names, addresses, phone numbers, email addresses and superscheme account balances.
No other information including KiwiSaver balances, identification documentation or passwords were accessed.
Booster said human error was unfortunately a factor.
"We sincerely apologise for any inconvenience this has caused.
"Booster requires multifactor authentication (MFA) to access our system which provides the highest standard of protection.
"The staff member took the wrong action and allowed access when MFA was triggered.
"The safety of our clients' data and investments is our utmost concern.
"We are incredibly disappointed that this mistake has occurred."
The incident has been reported to the Privacy Commissioner and the Financial Markets Authority.