
Australia’s largest superannuation funds have been the subject of a coordinated cyber-attack, leading to a reported loss of nearly half a million dollars from a single fund.
Big-name industry funds Australian Retirement Trust (ART), AustralianSuper, Cbus, Hostplus, and Rest, alongside retail fund Insignia, were among the reported casualties in the multi-day cyber breach event.
Australia’s biggest industry super fund, AustralianSuper, was among the first to confirm to media outlets last Friday (4 April) that it had been struck, revealing that the passwords of up to 600 member accounts were compromised.
The fund noted that it had recorded a “spike in suspicious activity” over the previous week across its member portal and mobile app.
AustralianSuper chief member officer Rose Kerlin said the fund “took immediate action to lock these accounts and let those members know”.
The industry super fund said it has been working with the Australian Signals Directorate (ASD), the National Office of Cyber Security and regulators since detecting the breach, and is working with authorities to recover a reported combined loss of $500,000 from four affected member accounts.
Rest Super, which said it detected “unauthorised activity” on its member access portal over the previous weekend, confirmed that “less than one percent” of its members (equivalent to around 8,000 member accounts) were affected, with “no member funds… transferred out of impacted members’ accounts”.
However, Rest added, some members may have had limited personal information accessed in the breach, including member first name, email address and identification numbers.
Hostplus similarly recorded no financial losses, crediting its strong “security safeguards”, including Multi-Factor Authentication (MFA) and a Web Application Firewall (WAF), combined with heightened monitoring protocols, for limiting the impact.
Insignia confirmed in a statement to the ASX that 100 customer accounts on its financial adviser wrap platform Expand were targeted, with no financial impact to customers reported “at this stage”. Insignia attributed the breach to “credential stuffing”, where cybercriminals attempt to use stolen usernames and passwords from one website to log into other websites associated with that individual.
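The credential-stuffing pattern Insignia describes leaves a recognisable fingerprint in login telemetry: one source trying many different usernames in a short window, with most attempts failing and the few that succeed marking accounts to lock. The following is an added illustration, not code from any fund named here; the log format and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of member-portal login events (not real data):
# timestamp, source IP, username, outcome
SAMPLE_LOG = """\
2025-04-01T09:00:01 203.0.113.7 member1001 FAIL
2025-04-01T09:00:02 203.0.113.7 member1002 FAIL
2025-04-01T09:00:03 203.0.113.7 member1003 FAIL
2025-04-01T09:00:04 203.0.113.7 member1004 OK
2025-04-01T09:00:05 203.0.113.7 member1005 FAIL
2025-04-01T09:00:06 203.0.113.7 member1006 FAIL
2025-04-01T09:05:00 198.51.100.20 member2001 FAIL
2025-04-01T09:05:30 198.51.100.20 member2001 OK
2025-04-01T09:06:00 198.51.100.21 member3001 OK
"""

def parse_events(text):
    """Parse the assumed 'ts ip user outcome' format into (datetime, ip, user, success)."""
    events = []
    for line in text.splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome == "OK"))
    return events

def find_stuffing_sources(events, min_users=5, max_success_rate=0.5, window_minutes=10):
    """Return {ip: stats} for sources that look like credential stuffing: many distinct
    usernames from one IP inside a short window, mostly failing. A single user retrying
    their own password (second IP in the sample) does not match and is left alone."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        users = {u for _, u, _ in rows}
        span = (rows[-1][0] - rows[0][0]).total_seconds() / 60
        success_rate = sum(ok for _, _, ok in rows) / len(rows)
        if len(users) >= min_users and span <= window_minutes and success_rate <= max_success_rate:
            flagged[ip] = {
                "distinct_users": len(users),
                "attempts": len(rows),
                "success_rate": round(success_rate, 2),
                # accounts that accepted a stuffed password: candidates for an immediate lock
                "compromised_users": sorted(u for _, u, ok in rows if ok),
            }
    return flagged
```

The `compromised_users` list is the set a fund would lock and notify first; the thresholds are starting points and would be tuned against a portal's normal traffic.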
Cbus, the latest super fund to report suspicious activity, said that a “small number of accounts may have been impacted”, with accounts “proactively deactivated” by the fund’s security team.
Prudential regulator APRA has, as yet, not released a statement on the cyber-attacks, though, if history is any guide, it is likely to impose additional licence conditions on the affected super funds.
Industry body the Association of Superannuation Funds of Australia (ASFA) issued a statement on Friday confirming it was aware of hackers’ attempts to breach the super funds.
“While the majority of the attempts were repelled, unfortunately a number of members were affected. Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” it said.
“Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place.”