Superannuation cyberattack: AustralianSuper, REST among major funds hacked by co-ordinated bid to steal data

Some of Australia’s biggest superannuation funds have been hit by what appears to be a concerted cybersecurity attack on the $4.2 trillion industry.
It is understood some of the hackers managed to raid some funds and affected members are now being contacted.
AustralianSuper on Friday confirmed its defences had been breached and member passwords stolen, with up to 600 accounts compromised “in attempts to commit fraud”.
“While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online,” AustralianSuper chief member officer Rose Kerlin said.
“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app, and we are urging members to take steps to protect themselves online.”
Meanwhile, the cyberattack had compromised the details of at least 8000 members of retail workers’ default fund REST.
REST chief executive Vicki Doyle said it immediately shut down its member access portal once it became aware of “some unauthorised activity” on March 29-30. As a result, the impact had been limited to less than one per cent of its members.
“No member funds were transferred out of impacted members’ accounts due to these unauthorised access attempts,” Ms Doyle said.
“At this stage, we believe that some of our members may have had limited personal information accessed and we are currently working through this with those impacted members.”
Ms Doyle said some members’ personal information such as their first name, email address and member number may have been accessed.
It’s understood Australian Retirement Trust, Hostplus and the biggest retail super fund Insignia have also been subject to the attack.
The Association of Superannuation Funds of Australia said while the majority of the attempts were repelled, “unfortunately a number of members were affected”.
“Funds are contacting all affected members to let them know and are helping any whose data has been compromised.”
“Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place.”
“In a rapidly evolving threat landscape there will always be new and emerging risks, but Australia’s super sector is proactively working together to improve system-wide defences, including through the ASFA Financial Crime Protection Initiative.”
National cybersecurity co-ordinator lieutenant general Michelle McGuinness said she was aware of cybercriminals targeting individual account holders of a number of super funds.
“I am co-ordinating engagement across the Australian government, including with the financial system regulators, and with industry stakeholders to provide cybersecurity advice,” she said.
“If you have been impacted or are concerned you may have been impacted, follow the advice provided by your super fund.”
Superannuation funds are urging their members to check accounts for signs of fraud, ensure their banking and contact details are correct, and change their password if it is not unique to their account.
Prime Minister Anthony Albanese said government agencies would investigate the attack but he warned that online attacks had become common in Australia.
“We will respond in time, we’re considering what has occurred,” Mr Albanese said.
“But bear in mind the context here: there is an attack, a cyber attack in Australia about every six minutes.”