Several of Australia’s largest superannuation funds have confirmed they were targeted in a coordinated cyberattack that compromised tens of thousands of member accounts and led to reported financial losses. The incident has triggered an urgent cross-sector response involving government agencies, regulators and fund administrators.

AustralianSuper, the country’s largest fund with A$365bn in assets under management, stated that hackers used stolen credentials to access up to 600 accounts. The fund said it took prompt action to secure the affected accounts and alert members.

“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” an update on the AustralianSuper website reads. “This is a temporary situation and we’re working hard to resolve it as quickly as possible.”

Australian Retirement Trust, which manages A$300bn on behalf of 2.4 million members, said it had identified suspicious login activity on several hundred accounts and locked access as a precaution. No suspicious transactions were reported.

Insignia Financial, which operates the MLC super fund, reported suspicious login activity involving 100 accounts but confirmed that there had been no financial losses at the time of disclosure.

Rest Super confirmed that around 20,000 accounts, approximately 1% of its membership, were affected during the last weekend of March. CEO Vicki Doyle said the fund shut down its Member Access portal and initiated its cybersecurity incident response protocols following the detection of unauthorised activity.

Hostplus, which manages A$115bn in retirement savings, also acknowledged an incident and said it was still investigating. No member funds had been reported stolen.

Government and cybersecurity agencies coordinate national response

National Cyber Security Coordinator Michelle McGuinness said cyber criminals had targeted the A$4.2 trillion retirement savings sector and confirmed that a whole-of-government response was being coordinated. Prime Minister Anthony Albanese acknowledged being updated on the incidents and highlighted the frequency of cyberattacks in Australia, stating that one is reported approximately every six minutes.

The Association of Superannuation Funds of Australia (ASFA) said most of the attempted intrusions were blocked, although a number of members were impacted. “Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” ASFA said in a statement.

Cybersecurity researchers believe the breach may have involved the use of stolen data available on the dark web, including login credentials. Professor Matt Warren from the RMIT Centre for Cyber Security Research and Innovation told ABC News the attackers likely acquired usernames and passwords and exploited the absence of multi-factor authentication across some platforms.

Members across all impacted funds are being advised to review their login credentials, update passwords and verify personal information. The superannuation providers said that they continue to work with the Australian Signals Directorate, the National Office of Cyber Security, and other relevant authorities as investigations progress.
