Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading to unauthorized access to customer accounts and financial losses for some members.
Among those affected are major funds such as REST, Hostplus, AustralianSuper, Australian Retirement Trust, and Insignia Financial’s MLC Expand.
Scope of the Cyberattack
AustralianSuper, the nation’s largest super fund, confirmed that cybercriminals used stolen credentials to access the accounts of more than 600 members, attempting to commit fraud.
.png
)
Rose Kerlin, AustralianSuper’s Chief Member Officer, stated, “We have taken immediate action to lock these accounts and are actively assisting impacted members.”
The fund also reported intermittent outages on its online portal and mobile app due to a surge in activity following the attack. Although temporary account disruptions, such as $0 balances, have been noted, AustralianSuper assured members their savings remain secure.
Customer Impact and Emerging Details
While Australian Retirement Trust and Hostplus reported no financial losses among their members, the attackers were able to access limited personal information in some cases.
REST admitted that around 20,000 of its members—approximately 1%—were affected during the breach, although no funds were withdrawn. REST CEO Vicki Doyle outlined the fund’s swift action, including shutting down its portal and implementing cybersecurity protocols.
Similarly, Insignia Financial’s MLC Expand identified suspicious activity on around 100 accounts but confirmed that customer savings were untouched.
Liz McCarthy, CEO of MLC Expand, noted that enhanced monitoring measures have been deployed and certain platform functionalities restricted for safety.
National Response and Government Involvement
The attacks, which primarily occurred in the early hours of the morning to avoid detection, have prompted a national response.
The impacted funds are working closely with the National Cyber Security Coordinator to assess the scale and implications of the breach.
Australian Prime Minister Anthony Albanese addressed the incident, remarking, “Cyberattacks in Australia are not rare—one occurs every six minutes—but these events are particularly troubling given the financial stakes.”
The breach has sparked widespread alarm among industry experts and consumers. Super Consumers Australia CEO Xavier O’Halloran called on superannuation funds to strengthen their digital defenses.
In a statement, he said, “This attack underscores the urgent need for heightened protections. People’s retirement savings are at stake, and the full scope of the damage is still unclear.”
As the investigation progresses, superannuation providers are urging customers to remain vigilant and update their account details, including passwords, to mitigate further risks.
Despite assurances of security measures, the breach serves as a wake-up call for the sector to bolster its defenses against cyber threats, ensuring members’ financial futures remain safeguarded in an increasingly digital world.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
