Australia’s National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, has confirmed that cyber criminals are targeting individual account holders of a number of superannuation funds.
In a statement, McGuinness confirmed, “I am working with agencies across the Australian Government including with the financial system regulators, and with industry stakeholders to provide cyber security advice and coordinate the whole-of-government response to this incident.
The Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC) are engaging with all potentially impacted superannuation funds to support safe outcomes for members.
Super fund members should follow the advice of their superannuation funds: check your accounts, remain engaged with your funds if you are concerned you have been impacted, and be vigilant of potential fraud.
If you are concerned about potential impacts from this, the Australian Government’s trusted source of cyber security advice – cyber.gov.au – has information on simple steps you can take to protect yourself online.
We are continuing to work with affected superannuation funds in response to this issue.”
AustralianSuper is providing updates to members. In a statement on 4 April, the fund stated, “We are experiencing a high volume of traffic to our call centre, member online accounts and mobile app that is causing intermittent outages. Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure. This is a temporary situation and we’re working hard to resolve it as quickly as possible. We apologise for any inconvenience.
Super funds are defending cyberattacks and identity theft every day and it’s never been more important for members to protect their personal data.”
AustralianSuper Chief Member Officer Rose Kerlin said a recent spike in criminal activity detected by the Fund was a timely warning for members to make sure their account details were correct.
“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app and we are urging members to take steps to protect themselves online,” Ms Kerlin said.
“This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud.
“While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”
AustralianSuper members are encouraged to log into their account to check that their bank account and contact details are correct and make sure they have a strong and unique password that is not used for other sites.
“We are highlighting this event to make sure members are alert and take all possible precautions to protect their retirement savings,” Ms Kerlin said.
“If members’ details are correct, they don’t need to call us.”
If members have any concerns about their account, they can contact us by phone on 1300 300 273 to speak with the specialist support team. Call volumes are high so if members can’t get through quickly, they can choose to receive a call back.
AustralianSuper has also been working closely with the Australian Signals Directorate, the National Office of Cyber Security, regulators and other authorities.
Ilia Sotnikov, Security Strategist at Netwrix, outlined how consumer financial institutions such as superannuation funds face cybercriminals targeting individual client accounts on a daily basis. A large-scale, coordinated attack on clients of Australia’s largest superannuation funds quickly elevates this issue to a national security concern. “While full details of this cyber incident are still emerging, we can make some educated assumptions about what is likely happening:
- Over the past week, attacks on superannuation funds have surged. Criminals have targeted hundreds of member accounts across major funds, successfully accessing and transferring money from some of them. It seems that the funds’ IT systems themselves have not been compromised. Instead, the attackers focused on individual accounts. The attackers may have acquired information using methods such as scraping data from social networks or utilizing leaked password databases. However, specific techniques remain unclear.
- On top of this, on April 3, the U.S. government’s announcement of new tariffs raised significant concerns in global financial markets.
- Together, this news prompted many super fund members to log in and check their investments via fund applications or client portals, resulting in a spike in server requests. Some applications, like AustralianSuper’s, experienced technical issues under the sudden heavy load, preventing logins or displaying incorrect account balances. This led to confusion and even more user activity.
This incident serves as a crucial reminder that both customers and providers share the responsibility for account security. Superannuation funds are trusted to safeguard consumers’ future financial stability. Customers should remain vigilant by using strong, unique passwords and enabling multi-factor authentication wherever possible. Providers, in turn, must enhance client information security, secure account access, and communicate promptly and clearly when any incidents or concerns arise.”
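The pattern described in the two statements above (AustralianSuper identifying up to 600 members’ stolen passwords used to log in, and Sotnikov’s point that leaked password databases were used against individual accounts rather than against the funds’ own systems) is credential stuffing. The block below is an added example, not code from AustralianSuper, Netwrix or any fund named in this article. It runs a simple credential-stuffing detector over a constructed sample of login events: a source that tries many distinct member IDs with a high failure rate is flagged, every account that source managed to log into is queued for the lock-and-notify step the fund described, and any bank-detail change made from a flagged source is escalated. The log format, field names, event names, thresholds and IP addresses are assumptions.

```python
"""Credential-stuffing detection over login events (added example).

Assumed log format, one event per line:
    <timestamp> src=<ip> user=<member id> event=<LOGIN_OK|LOGIN_FAIL|BANK_DETAILS_CHANGED>
Thresholds, field names and addresses are assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$"
)

# Constructed sample. 198.51.100.9 works through a list of member IDs with
# passwords that are mostly wrong (leaked credentials, many already rotated)
# and gets into two accounts; 203.0.113.7 is a member who mistypes once.
SAMPLE_LOG = """\
2025-04-02T09:00:01Z src=203.0.113.7 user=m100231 event=LOGIN_FAIL
2025-04-02T09:00:09Z src=203.0.113.7 user=m100231 event=LOGIN_OK
2025-04-02T09:01:00Z src=198.51.100.9 user=m200001 event=LOGIN_FAIL
2025-04-02T09:01:01Z src=198.51.100.9 user=m200002 event=LOGIN_FAIL
2025-04-02T09:01:02Z src=198.51.100.9 user=m200003 event=LOGIN_OK
2025-04-02T09:01:03Z src=198.51.100.9 user=m200004 event=LOGIN_FAIL
2025-04-02T09:01:04Z src=198.51.100.9 user=m200005 event=LOGIN_FAIL
2025-04-02T09:01:05Z src=198.51.100.9 user=m200006 event=LOGIN_FAIL
2025-04-02T09:01:06Z src=198.51.100.9 user=m200007 event=LOGIN_OK
2025-04-02T09:01:07Z src=198.51.100.9 user=m200008 event=LOGIN_FAIL
2025-04-02T09:01:08Z src=198.51.100.9 user=m200009 event=LOGIN_FAIL
2025-04-02T09:01:09Z src=198.51.100.9 user=m200010 event=LOGIN_FAIL
2025-04-02T09:02:30Z src=198.51.100.9 user=m200003 event=BANK_DETAILS_CHANGED
"""


@dataclass
class SourceStats:
    """Per-source counters for the login events seen from one address."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)      # distinct member IDs tried
    successes: set = field(default_factory=set)  # member IDs logged into


def parse(log: str):
    """Yield parsed events; malformed lines are skipped, not fatal."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def detect(log: str, min_users: int = 5, min_fail_ratio: float = 0.6):
    """Return (flagged_sources, accounts_to_lock, high_priority_accounts).

    A source is flagged when it has tried at least `min_users` distinct
    accounts and at least `min_fail_ratio` of its attempts failed. Every
    account a flagged source logged into is locked for member notification;
    a bank-detail change from a flagged source is escalated separately.
    """
    stats = defaultdict(SourceStats)
    changes = []  # (src, user) for bank-detail changes, judged after the pass
    for ev in parse(log):
        s = stats[ev["src"]]
        if ev["event"] in ("LOGIN_FAIL", "LOGIN_OK"):
            s.attempts += 1
            s.users.add(ev["user"])
            if ev["event"] == "LOGIN_FAIL":
                s.failures += 1
            else:
                s.successes.add(ev["user"])
        elif ev["event"] == "BANK_DETAILS_CHANGED":
            changes.append((ev["src"], ev["user"]))

    flagged = {
        src for src, s in stats.items()
        if s.attempts  # a source with only non-login events has no ratio
        and len(s.users) >= min_users
        and s.failures / s.attempts >= min_fail_ratio
    }
    to_lock = set()
    for src in flagged:
        to_lock |= stats[src].successes
    high_priority = {user for src, user in changes if src in flagged}
    return flagged, to_lock, high_priority


if __name__ == "__main__":
    flagged, to_lock, high = detect(SAMPLE_LOG)
    print("flagged sources:", sorted(flagged))
    print("lock and notify:", sorted(to_lock))
    print("bank change from flagged source:", sorted(high))
```

The failure-ratio threshold is the weak part of this rule: a fresh leaked-password list can give an attacker a high success rate, and real stuffing runs rotate through residential proxies so that no single address trips a per-source count. In production the distinct-account count is the stronger signal, and it should be aggregated over ASN, device fingerprint or TLS fingerprint as well as source address, with MFA as the control that makes a valid stolen password insufficient on its own.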