Cyberattack Hits Major Australian Super Funds, Exposing Member Accounts

Several major Australian superannuation funds have fallen victim to a coordinated cyberattack, where stolen passwords were used to access member accounts, potentially leading to fraudulent activity and financial losses.

The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, confirmed that the federal government is actively involved in responding to the incident.

"I am aware that cybercriminals are targeting individual account holders of a number of superannuation funds," she said. "We are coordinating efforts across the Australian Government, financial regulators, and industry to provide cyber security advice and support. If you believe you may have been affected, please follow the guidance from your super fund."

AustralianSuper reported a noticeable spike in suspicious activity through its online portal and mobile app over the past week. According to Chief Member Officer Rose Kerlin, the fund detected that cybercriminals may have used stolen credentials to attempt access to around 600 member accounts.

"While we responded quickly by locking down the affected accounts and notifying impacted members, we are urging all members to review their account details and ensure their contact and banking information is accurate," Kerlin said.

The full scope of the breach is still being assessed, but it is believed that multiple super funds have been affected. Among those reportedly impacted are Australian Retirement Trust, AustralianSuper, Hostplus, Rest, and Insignia, one of the country’s largest retail super providers.

Sources familiar with the investigation suggest the hackers likely obtained login details from the dark web and may have specifically targeted retirees drawing down from their superannuation, as they are able to request lump sum withdrawals. These unauthorized access attempts often occurred during early morning hours, reducing the chance of real-time alerts being noticed.

Authorities and industry stakeholders continue to investigate the extent of the incident and are working to bolster cyber protections across the sector. Superannuation members are being strongly encouraged to change their passwords, enable multi-factor authentication where available, and monitor their accounts closely for any unusual activity.