Brought to you by:

Member details exposed, money stolen as hackers hit super funds

Several major superannuation funds were compromised by cybercriminals over the past week, the industry peak body has confirmed.

Most attacks were prevented but hackers breached the defences of some funds, according to the Association of Superannuation Funds of Australia.

Among those identified are Insignia Financial, Australian Retirement Trust, Hostplus, AustralianSuper and Rest Super.

AustralianSuper chief member officer Rose Kerlin says the fund was alerted by a “spike in suspicious activity across our member portal and mobile app”.

She added: “This week we identified that cybercriminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud.

“While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”  

Ms Kerlin encourages members to log into their accounts to ensure their details are correct.  

“We are highlighting this event to make sure members are alert and take all possible precautions to protect their retirement savings,” Ms Kerlin said.  

“If members’ details are correct, they don’t need to call us.”  

The Australian Financial Review reported that several AustralianSuper members have been financially affected by the hack, with $500,000 reportedly stolen.  

Rest Super says it had to temporarily shut its access portal last weekend when it became aware of “unauthorised activity”.  

It says about 8000 members may have had limited personal details accessed, but no funds were taken.  

National cybersecurity co-ordinator Michelle McGuinness says government agencies are working with industry groups to investigate the attacks and support affected members.  

“The Australian Prudential Regulation Authority and Australian Securities and Investments Commission are engaging with all potentially impacted superannuation funds to support safe outcomes for members,” she said.  

“Super fund members should follow the advice of their superannuation funds: check your accounts, remain engaged with your funds if you are concerned you have been impacted, and be vigilant of potential fraud.”  

Super Consumers Australia CEO Xavier O’Halloran says the breach shows the need for funds to be brought under the Scams Prevention Framework, which works to enhance protection for banking, telecommunications and digital platform customers.  

“Today’s news is chilling when we know super funds aren’t doing enough to protect Australians’ retirement savings,” Mr O’Halloran said. 

“We’re calling on the next government to urgently extend the new protections to safeguard Australians’ retirement savings against fraudsters, scammers and cybercriminals.

“The super system has no excuse to be unprepared. It’s time to meet community expectations and protect people’s money when it matters most.”  

The Association of Superannuation Funds of Australia says the sector has been working to enhance defences through its Financial Crime Protection Initiative.  

It says the program has included action to establish a hotline between government and super funds to respond to issues, development of industry-wide frameworks to combat financial crimes and further information sharing to improve security.