In a significant cybersecurity breach affecting some of Australia’s largest superannuation funds, hackers have targeted the $4.2 trillion industry, leading to compromised member data and financial losses. The attack has raised alarms among members and prompted urgent action from fund administrators and government officials.
On Friday, April 4, 2025, AustralianSuper, the nation’s largest retirement fund, confirmed that its defenses had been breached, resulting in the compromise of up to 600 accounts. According to the fund’s chief member officer, Rose Kerlin, the hackers managed to steal member passwords and attempted to commit fraud. “Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app,” Kerlin stated. “While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”
In addition to AustralianSuper, the retail workers’ default fund REST reported a breach affecting at least 8,000 members. REST chief executive Vicki Doyle explained that the fund immediately shut down its member access portal upon discovering unauthorized activity on March 29-30. “The impact has been limited to less than one percent of our members,” Doyle said, stressing that no member funds were transferred out of impacted accounts. However, some personal information, such as first names, email addresses, and member numbers, may have been accessed.
Other superannuation funds, including Australian Retirement Trust, Hostplus, and Insignia, were also affected by the coordinated cyberattack. While these funds reported that no member losses occurred, they acknowledged that some members faced difficulties accessing their accounts. Insignia Financial noted that around 100 customers had been impacted, but there was no financial loss for customers at this stage.
The Association of Superannuation Funds of Australia (ASFA) confirmed that while the majority of cyberattack attempts were repelled, several members were affected. “Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” ASFA stated. The organization reassured retirement savers that superannuation funds and their service providers have rigorous cyber protections in place.
Prime Minister Anthony Albanese addressed the situation, stating that government agencies would investigate the attack. He warned that cyberattacks have become increasingly common in Australia, occurring roughly every six minutes. “We will respond in time; we’re considering what has occurred,” Albanese said. “But bear in mind the context here: there is an attack, a cyber attack in Australia about every six minutes.”
As the investigation unfolds, superannuation funds are urging their members to check their accounts for signs of fraud, ensure their banking and contact details are correct, and change their passwords if necessary. AustralianSuper reassured its members that even if they were seeing a $0 balance in their accounts, their funds were secure. “This is a temporary situation, and we’re working hard to resolve it as quickly as possible,” the fund stated.
Experts have identified the method of attack as credential stuffing, where hackers use stolen passwords from data breaches to gain access to accounts. Alastair MacGibbon, chief strategy officer at cybersecurity firm CyberCX, emphasized the growing threat of this type of attack. “Credential stuffing is a growing threat to businesses and individuals, and CyberCX is tracking an increase in these attacks,” he said. He advised individuals to use strong, unique passwords and to avoid reusing passwords across multiple accounts.
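How the credential stuffing pattern described above tends to appear in a portal's login records, shown as an added illustration that is not code from any of the funds or from CyberCX. The event fields, thresholds and sample data are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source IP, member id, success); not real data.
def make_events():
    t0 = datetime(2025, 1, 1, 2, 0, 0)
    events = []
    # One source walks through 30 different member ids, one password guess each.
    for i in range(30):
        ok = i in (7, 19)  # two reused passwords happen to work
        events.append((t0 + timedelta(seconds=4 * i), "203.0.113.9", f"m{i:04d}", ok))
    # An ordinary member mistypes a password twice, then logs in.
    for i, ok in enumerate((False, False, True)):
        events.append((t0 + timedelta(seconds=30 * i), "198.51.100.20", "m9001", ok))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=10), min_accounts=10, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts, mostly failing, inside one window.

    Returns {source_ip: sorted member ids that logged in successfully from it},
    i.e. the accounts to lock and notify.
    """
    by_ip = defaultdict(list)
    for ts, ip, member, ok in events:
        by_ip[ip].append((ts, member, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            accounts = {m for _, m, _ in span}
            fails = sum(1 for _, _, ok in span if not ok)
            if len(accounts) >= min_accounts and fails / len(span) >= min_fail_ratio:
                # Any success from this source, in or out of the window, is suspect.
                flagged[ip] = sorted({m for _, m, ok in rows if ok})
                break
    return flagged

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(make_events()).items():
        print(f"{ip}: lock and notify {accounts}")
```

Grouping by source address alone misses attempts spread across many addresses, so the same counting is typically repeated on other keys such as device fingerprint or network range.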
In light of the recent breaches, the superannuation industry is working collectively to enhance system-wide defenses. ASFA noted that it is establishing a hotline between the sector and relevant government agencies, improving information sharing, and developing frameworks to combat financial and cybercrime.
As the investigation continues, the affected funds are committed to keeping their members informed and providing support. REST’s Doyle expressed her regret over the incident, stating, “We are in the process of contacting impacted members to work through what this means for them and provide support.”
With the threat of cyberattacks ongoing, both members and fund administrators are on high alert, which underscores the importance of robust cybersecurity measures to protect retirement savings.