Hackers have targeted several of Australia’s most significant pension funds in coordinated attacks, stealing savings from some members and compromising over 20,000 accounts. The affected funds include AustralianSuper, Australian Retirement Trust, Rest, Insignia, and Hostplus. National Cyber Security Coordinator Michelle McGuinness said the government, regulators, and industry were organizing a response to the attacks on the country’s A$4.2 trillion retirement savings sector.
The Association of Superannuation Funds of Australia confirmed that several funds were impacted over the weekend. AustralianSuper, managing A$365 billion for 3.5 million members, reported that up to 600 member passwords had been stolen to access accounts and attempt fraud. Four AustralianSuper members lost a combined A$500,000 and were transferred to other accounts not belonging to them.
Australian Retirement Trust detected “unusual login activity” affecting “several hundreds” of its 2.4 million members’ accounts.
Super fund cyberattacks impact thousands
The fund locked impacted accounts as a precaution but reported no suspicious transactions or changes made.
With A$93 billion in assets, Rest Super suffered an attack impacting around 20,000 accounts or 1% of its 2 million members. Insignia Financial, owner of MLC, reported “suspicious” login activity on 100 Expand Wrap Platform customer accounts but mentioned no financial impact on members at this stage. Hostplus, with over 1.8 million members and A$115 billion under management, also confirmed an attack but reported no member losses while investigating the extent of the incident.
Prime Minister Anthony Albanese stated he had been briefed about the hacks and mentioned a “considered” response from government agencies. Treasurer Jim Chalmers called the developments “very concerning,” and shadow cyber security minister James Paterson urged funds to reimburse members who lost money. Australia has faced regular cyberattacks, with significant breaches at St Vincent’s Health, private health insurer Medibank, and telecom Optus.
In 2023, the government committed A$587 million to fund a seven-year strategy to improve cybersecurity for citizens, businesses, and agencies.
Photo by Ibrahim Boran on Unsplash