Multiple Australian superannuation funds have been targeted in a coordinated cyberattack that has compromised thousands of accounts and resulted in some members losing retirement savings.
AustralianSuper, the nation's largest retirement fund with approximately 3.5 million members, reportedly faced 600 attempted cyberattacks in the past month. According to reports, four AustralianSuper members lost a combined AUD$500,000 in retirement savings.
Other major funds including Rest, Hostplus, Insignia Financial's MLC Expand, and Australian Retirement Trust were also targeted. Rest confirmed that approximately 20,000 members (about one per cent of its membership) were affected, though the fund stated no money had been taken from these accounts.
"Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal," said Rest chief executive officer Vicki Doyle. "We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols."
The attacks reportedly occurred primarily during early morning hours when members would be less likely to notice alert messages about password changes or account activities.
Many affected fund members have reported difficulty accessing their accounts online, with some AustralianSuper customers seeing zero balances when they log in. The fund has attributed this to technical issues rather than actual loss of funds.
"We are experiencing a high volume of traffic to our call centre, member online accounts and mobile app that is causing intermittent outages," AustralianSuper said in a statement. "Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure."
The Association of Superannuation Funds of Australia confirmed that while "the majority of the attempts were repelled, unfortunately a number of members were affected."
Prime Minister Anthony Albanese acknowledged the incident, noting that "there is a cyberattack in Australia about every six minutes. This is a regular issue."
Security experts are advising members to check their accounts, change passwords, and remain vigilant against potential phishing attempts that may follow this incident.
The affected funds are now working with the National Cyber Security Coordinator to assess the impact and strengthen security measures. Industry watchdog Super Consumers Australia has criticised the sector's cybersecurity practices, with chief executive officer Xavier O'Halloran stating: "We audited the security features of major funds two years ago and found significant vulnerabilities."
Australia's superannuation system holds more than AUD$4 trillion (USD$2.5 trillion) in retirement savings, making it an attractive target for cybercriminals.
Recent Stories