Some participants of AustralianSuper, the country’s top superannuation fund, have lost substantial amounts of retirement savings in industry-wide cyber attacks that potentially compromised the personal data of thousands.
AustralianSuper confirmed on April 4 that cyber criminals may have used up to 600 participants’ stolen passwords over the past week in their attempts to commit fraud. The A$365 billion ($228 billion) fund sought to reassure participants their savings were safe, even if their accounts currently showed a zero balance.
The criminals took a combined A$500,000 from four AustralianSuper accounts, according to a person familiar with the matter who isn’t authorised to speak publicly. The amount was earlier reported by The Australian newspaper.
Rest, which manages A$93 billion, saw unauthorized activity on its online member portal last weekend that impacted around 8,000 participants, it said in an emailed statement. Australian Retirement Trust, the country’s no. 2 fund, and Insignia Financial also experienced suspicious activity.
“We responded immediately by shutting down the member access portal, undertaking investigations and launching our cyber security incident response protocols,” Rest Chief Executive Officer Vicki Doyle said in the statement, adding that no member funds were transferred during the incident.
The industry regulator last year wrote to super funds, banks and insurers telling them cyber resilience was a “supervision priority.” Superannuation funds say they have been scenario-testing for some time.
AustralianSuper said it had seen a spike in suspicious activity over the past week, across its member portal and mobile app, and urged members to take steps to protect themselves. It has been working closely with the National Office of Cyber Security, regulators and other authorities, Kerlin said.
“I am coordinating engagement across the Australian government, including with the financial system regulators, and with industry stakeholders to provide cyber security advice,” National Cyber Security Coordinator Lieutenant General Michelle McGuinness said in a statement.
“Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” the Association of Superannuation Funds of Australia said in a statement.
