Australian superannuation cyberattack: Australian Retirement Trust, AustralianSuper, HostPlus, more targeted

Max Corstorphan
The Nightly
AustralianSuper on Friday confirmed its defences had been breached, with up to 600 accounts compromised. Credit: Bill Hinton/Getty Images

Multiple Australian super funds have been targeted in a sophisticated cyberattack after passwords were allegedly leaked.

Australian Retirement Trust, AustralianSuper, HostPlus, Rest and Insignia are understood to have been targeted.

Initial information indicates funds have been taken from Australians’ super fund accounts.

Prime Minister Anthony Albanese says he has been briefed on the attack.

AustralianSuper on Friday confirmed its defences had been breached, with up to 600 accounts compromised “in attempts to commit fraud”, with member passwords stolen.

“While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online,” AustralianSuper chief member officer Rose Kerlin said.

“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app, and we are urging members to take steps to protect themselves online.”

Meanwhile, the cyberattack compromised the details of at least 8000 members of REST, the retail workers’ default fund.

REST chief executive Vicki Doyle told staff in an email on Friday: “Last weekend we became aware of some unauthorised activity on our online member access portal”.

“Some members’ personal information such as their first name, email address and member number may have been accessed.

“We responded immediately by shutting down our member access portal, undertaking investigations and launching our cybersecurity protocols and network monitoring,” she said.

Ms Doyle said it was “in the process of communicating directly with these members to guide them through actions to further safeguard the security of their accounts”.

It’s understood Australian Retirement Trust, Hostplus and the biggest retail super fund Insignia have also been subject to the attack.

The Association of Superannuation Funds of Australia issued a statement on Friday saying: “While the majority of the attempts were repelled, unfortunately a number of members were affected.

“Funds are contacting all affected members to let them know and are helping any whose data has been compromised.”

“Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place.”

“In a rapidly evolving threat landscape there will always be new and emerging risks, but Australia’s super sector is proactively working together to improve system-wide defences, including through the ASFA Financial Crime Protection Initiative (FCPI).”

More to come...
