Several of Australia’s largest superannuation funds have recently fallen victim to a coordinated cyber attack, resulting in unauthorised access to thousands of member accounts and significant financial losses. The affected funds include AustralianSuper, Rest, and Insignia Financial, The Australian Retirement Trust and Hostplus.
Cyber Attack Targets Big Aussie Funds
Australian Super, the nation’s largest superannuation fund, managing approximately $365 billion for over 3.5 million members, reported that cybercriminals used stolen passwords to access around 600 member accounts.
“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app.”
Rose Kerlin, Chief Member Officer
She further explained that immediate action was taken to lock the compromised accounts and notify the affected members. Despite these measures, unauthorised transfers totaling several hundred thousand dollars were made from four accounts.
Rest Superannuation Fund
Rest Superannuation Fund, managing $93 billion for 2 million members, also experienced unauthorised activity impacting about 1% of its membership, equating to roughly 8,000 accounts. CEO Vicki Doyle noted that upon detecting the breach, the fund promptly shut down its online member portal and initiated an internal investigation.
“No member funds were transferred out of impacted members’ accounts due to these unauthorised access attempts.”
Vicky Doyle, CEO, Rest Superannuation
Insignia Financial Claims No Impact
Insignia Financial, overseeing $327 billion in assets, acknowledged attempts by a “malicious third-party” to access online pension accounts on its Expand platform. A spokesperson confirmed that, at this stage, there had been no financial impact on members.
The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, confirmed awareness of these incidents.
She advised individuals to follow the guidance provided by their respective super funds if they have been impacted or have concerns.
“I am coordinating engagement across the Australian Government, including with the financial system regulators, and with industry stakeholders to provide cybersecurity advice.”
Lieutenant General Michelle McGuinness, National Cyber Security Coordinator
Cyber Attacks on the Rise – Be Vigilant
Credential stuffing is a type of cyberattack where hackers use stolen email and password combos to try and break into private accounts through repeated login attempts.
The Association of Superannuation Funds of Australia (ASFA) acknowledged the attempted breaches, noting that while many were thwarted, some members were affected. ASFA stated, “Funds are contacting all affected members to let them know and are helping any whose data has been compromised.”
These incidents highlight the growing threat of cyberattacks targeting financial institutions and the importance of robust cybersecurity measures. Members are encouraged to regularly monitor their accounts, update passwords, and remain vigilant against suspicious activities. The affected super funds collaborate with authorities to investigate the breaches and enhance security protocols to prevent future occurrences.
