Nearly 30,000 people who took an online AA Travel New Zealand survey are at risk of being hacked by an overseas account.
The travel insurance company sent warning emails to those affected.
The general manager of AA Travel marketing, Rebecca Cherry, said the company is unsure how the cyber-hack happened but a forensic investigation revealed the people who were affected.
"Our site has been accessed by an unauthorised user from outside New Zealand and we have carried out a forensic investigation.
"We know that this unauthorised user has got an email address, a first name and the password that they used to register on our website in regards to our 101 Must-Do's for Kiwis campaign or the Great Kiwi Road Trips campaign."
She said the 28,791 users affected were all sent an email informing them of the breach in security and advised them to change their password as soon as possible.
"We've given them the opportunity to completely unsubscribe from our database ... and have strongly suggested they change their password, especially if they use a common password."
She said AA Travel New Zealand was embarrassed this has happened and cannot be sure how someone overseas had attained customers' secure information.
"We're concerned in regards to getting attacked from overseas and we've all got to be vigilant with our security. We're embarrassed by this happening and we've put additional security measures in place to ensure this doesn't happen again."
The hack has not affected anybody with the AA or the AA website, only those who registered for the AA Travel New Zealand 101 Must-Do's for Kiwis or the Great Kiwi Road Trips campaigns.