Several major Australian superannuation funds were targeted in a cyberattack that led to unauthorized access to customer accounts. Among the affected funds were AustralianSuper, REST, Hostplus, Australian Retirement Trust, and MLC Expand. AustralianSuper confirmed that over 600 members’ accounts were accessed using stolen credentials, but fraud attempts were detected and mitigated. The fund experienced temporary disruptions to its online portal and mobile app, although it assured members that their savings remained secure.
In response to the breach, AustralianSuper locked affected accounts and worked to resolve outages caused by a surge in activity.
REST reported that around 20,000 members were impacted, although no funds were stolen. Hostplus confirmed no member losses but is actively investigating the scope of the attack. MLC Expand also detected suspicious activity on around 100 accounts, but no customer savings were affected, prompting the fund to apply additional security measures.
The cyberattack has sparked a national response, with impacted funds collaborating with the National Cyber Security Coordinator to assess the breach’s full impact. Prime Minister Anthony Albanese acknowledged the widespread issue of cyberattacks in Australia, emphasizing the ongoing risk to industries and consumers.
Super Consumers Australia has called for stronger protections, highlighting the need for superannuation funds to enhance their digital defenses to safeguard customers’ financial futures.
Despite the swift actions taken by the affected funds, the attack has raised concerns among industry experts and consumers about the vulnerability of Australia’s superannuation sector. The breach underscored the urgency for improved cybersecurity measures as the industry continues to face increasing cyber threats. Members are urged to remain vigilant and update their account details to prevent further risks in the evolving landscape of digital threats.
Reference:
