Pedestrian.tv
Rhea Nath

$500K Believed To Have Been Stolen From Aussie Superfunds In Data Hack Scandal So Far


A number of Australian superannuation funds, including the country’s largest fund, were hit by a co-ordinated cyber attack over the weekend, with members of one fund losing up to half a million in savings.

Major funds REST, AustralianSuper, Hostplus, Insignia, and Australian Retirement Trust were breached, per The Australian Financial Review. Combined, these massive super funds represent almost $1 trillion in retirement savings.

AustralianSuper, the country’s largest fund, confirmed it suffered a breach that saw around 600 accounts compromised. It’s the only fund so far to confirm money has been taken, with up to $500,000 believed to be stolen from a handful of members.

REST, the default super fund for retail workers, estimated 8,000 member accounts may have been compromised. Insignia said some 100 accounts were breached. Both funds said member funds were unaffected.

Sources told the Sydney Morning Herald the hackers were able to access the super funds by using known passwords, likely found on the dark web.

The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, said federal authorities were aware of the breach and Prime Minister Anthony Albanese confirmed this on Friday afternoon.

“We will respond in time. We are considering what has occurred. Bear in mind, the context here, there is a cyber attack in Australia roughly every six minutes. This is a regular issue,” he said, per ABC News.

Some of the country’s largest funds have been affected. (Source: iStock Images)

The Association of Superannuation Funds of Australia (ASFA) said it was aware hackers attempted to get through the cyber-defences of a number of superannuation funds last weekend.

“While the majority of the attempts were repelled, unfortunately a number of members were affected. Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” it said in a statement.

“Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place.”  

Funds were working with the National Cyber Security Coordinator to assess the depth and the breadth of the problem.

What has AustralianSuper said?

In a statement on Friday, AustralianSuper chief member officer Rose Kerlin said the fund had seen a spike in “suspicious activity” across its member portal and mobile app over the last week.

“This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud. While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online,” Kerlin said.

There are concerns members at other funds may have also been affected. (Source: iStock Images)

As of Friday afternoon, the fund said it was aware that its website and app were facing outages amid a high volume of traffic. Multiple social media users also reported long queues for the call centre.

“We are experiencing a high volume of traffic to our call centre, member online accounts and mobile app that is causing intermittent outages. Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” the fund said in a statement.

“This is a temporary situation and we’re working hard to resolve it as quickly as possible. We apologise for any inconvenience.”

What have other affected super funds said?

Insignia Financial said the investigations undertaken to date suggest the attack appears to involve a malicious third party undertaking an activity known as credential stuffing. It said there has been no financial impact to customers at this stage.

“At this stage, it appears from Insignia Financial’s investigations that the activity involved an unusual number of login attempts targeted at the Expand Platform,” it said.

“Although investigations are continuing, Insignia Financial has not observed similar activity impacting other customer facing platforms.”

Super fund REST told PEDESTRIAN.TV no member funds were affected and investigations are still ongoing.

“Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal. We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols,” said REST chief executive Vicki Doyle.

“Due to our incident response protocols, the impact has been limited to less than one per cent of our members. Nevertheless, this will be very concerning for the members who have been impacted and we are very sorry this has happened.”

Hostplus, the default fund for those working in hospitality and tourism, said it is actively looking into the situation to determine the extent of any impact on the fund and its members. It also confirmed no member losses have occurred, based on an initial investigation.

A number of affected funds confirmed member funds have not been affected. (Source: iStock Images)

The country’s second largest super fund, Australian Retirement Trust, said the digital security system identified “unusual login activity” and impacted accounts were locked as a precaution.

“We have not identified any suspicious transactions or modifications regarding these accounts,” a spokesperson said.

The post $500K Believed To Have Been Stolen From Aussie Superfunds In Data Hack Scandal So Far appeared first on PEDESTRIAN.TV.
