Australian Superannuation Funds Hit by Cyber Attacks
Several major Australian superannuation funds have fallen victim to cyber attacks, leaving members’ funds compromised. Australian Super, Rest, Host Plus, and Insignia Financial are among those affected. Cybercriminals targeted member accounts using stolen passwords in a series of breaches. The attacks are the latest in a wave of cyber threats aimed at financial institutions in Australia.
Australian Super Experiences Major Breach
Australian Super, the country’s largest superannuation fund, confirmed that cybercriminals targeted members’ accounts. The fund holds more than $360 billion in assets and serves over 3.5 million members. The breach led to the loss of retirement savings for some members, with at least $100,000 stolen.
Over the past month, Australian Super has faced 600 attempted cyber attacks. These attacks led to the compromise of login details for hundreds of members. Four members reported losing substantial amounts from their accounts due to fraudulent activity.
Figure 1: Australian Super has faced multiple cyber attacks over the past month
Rest Super Also Targeted by Cyber Criminals
Rest Super, the 10th largest superannuation fund in Australia, also fell victim to the attacks. The fund manages $92 billion in assets across 2 million members. Cybercriminals accessed personal information, including names, email addresses, and member numbers, of approximately 8,000 members.
The super fund immediately responded by shutting down its online member access portal. Rest began contacting affected members to inform them of the breach. It also implemented cybersecurity protocols to protect member data.
Credential Stuffing Attack Used in Breaches
Cybercriminals employed a method known as credential stuffing. This technique involves using stolen passwords and email addresses to gain unauthorised access to accounts. Australian Super identified that up to 600 accounts had been targeted using this method. Rest Super also confirmed similar activity but assured members that no funds were transferred out of the affected accounts.
Other Funds Impacted by Cyber Attacks
Along with Australian Super and Rest, other superannuation funds such as Host Plus and Insignia Financial were targeted in the same wave of cyber attacks. Insignia Financial confirmed that a “malicious third party” tried to access member accounts. The company explained that the attackers attempted to use stolen credentials to log into the Insignia Financial platform.
While no funds were lost from Host Plus accounts, the fund remains in the process of investigating the breach.
Response from Industry Bodies and Authorities
The Association of Superannuation Funds of Australia (ASFA) acknowledged the ongoing cyber threats targeting the sector. ASFA confirmed that many attacks were repelled but that several funds had experienced breaches. It assured members that affected funds were working directly with impacted individuals to resolve the situation.
Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, confirmed federal authorities were aware of the breaches. She stated that the government was coordinating efforts across multiple sectors to provide cybersecurity guidance.
Prime Minister’s Statement on Cyber Threats
Prime Minister Anthony Albanese acknowledged the ongoing cyber security challenges Australia faces. He noted that a cyber attack occurs in the country every six minutes, highlighting the regularity of these incidents. Albanese confirmed that the government was aware of the attacks and would respond as necessary.
“We will respond in time. We are considering what has occurred,” he said. The Prime Minister also pointed out the government’s ongoing investment in combating cybercrime. Federal funding has been increased to address the rising number of attacks targeting businesses and individuals.
Superannuation Funds’ Ongoing Efforts to Secure Member Accounts
Australian Super took immediate action to lock accounts and notify members of the breach. The fund has urged members to log into their accounts and verify their contact and bank details. They also advised members to take steps to protect their online security.
Rest Super partnered with cybersecurity company IDCare to assist affected members. The company’s chief executive, Vicki Doyle, stated that the breach had affected less than 1% of the fund’s members. Rest is committed to keeping members informed and supporting them through the recovery process.
Also Read: Gun Scare at MCG: Two Men Charged After Armed Breach During Carlton-Collingwood Clash
Growing Threat of Cyber Attacks in Australia
The recent breaches highlight a growing threat of cybercrime targeting Australian financial institutions. This attack on superannuation funds comes after previous cyber incidents involving major companies like Optus, Medibank, and Latitude. The scale and frequency of these cyber threats have raised concerns about the security of Australians’ personal and financial data.
Cybersecurity experts have warned that superannuation funds are a prime target for cybercriminals due to the vast amount of personal and financial information they store. Funds continue to enhance their security measures to protect members’ data and savings.
Impact on Affected Members
For the members impacted by these breaches, the loss of retirement savings has been devastating. Affected individuals have raised concerns about the long-term impact on their financial futures. Australian Super’s Rose Kerlin stated that the fund was taking all necessary steps to recover stolen funds and help members safeguard their accounts.
“I am aware that cybercriminals are targeting individual account holders of a number of superannuation funds,” said Lieutenant General McGuinness. She advised all affected members to follow their super funds’ instructions carefully to minimise the risk of further damage.
Ongoing Cybersecurity Challenges
The cyber attacks on Australian superannuation funds reflect a broader trend of increasing cyber threats in the financial sector. As cybercriminals become more sophisticated, superannuation funds must continue to invest in stronger cybersecurity measures. Members must also take personal responsibility for securing their online accounts to protect their retirement savings.
The Australian government has pledged to continue supporting efforts to combat cybercrime, but the frequency of these attacks indicates a need for greater vigilance and enhanced security protocols across the sector.
