Major Australian Superannuation Funds Hit by Coordinated Cyberattack
In a significant cybersecurity breach, several large Australian superannuation funds, including AustralianSuper, Australian Retirement Trust, Rest, Hostplus, and Insignia, have been targeted by a coordinated cyberattack. The hackers, likely using stolen passwords, accessed accounts and targeted those in the pension drawdown phase for lump sum withdrawals.
The hackers gained access to the superannuation accounts primarily through a method known as credential stuffing. This involves using stolen passwords, likely obtained from previous data breaches and sold on the dark web, to log into accounts. They employed automated tools to try these passwords on the superannuation fund websites, targeting accounts that could request lump sum withdrawals. The attacks were carried out in the early hours of the morning, reducing the chances of immediate detection by account holders. The hackers specifically targeted accounts in the pension drawdown phase, which are more likely to have larger sums available for withdrawal.
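A defender-side sketch of how the pattern described above can be flagged in authentication logs, added here as an illustration and not taken from any fund's systems: it finds source addresses failing logins across many accounts, lists accounts that then logged in successfully from those sources, and holds overnight lump-sum requests on pension-phase accounts. The event names, log fields, thresholds and sample data are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real fund logs:
# (timestamp, source IP, member id, event, account phase)
EVENTS = [
    ("2025-01-10T02:11:03", "203.0.113.7", "m1001", "login_fail", "accumulation"),
    ("2025-01-10T02:11:04", "203.0.113.7", "m1002", "login_fail", "pension"),
    ("2025-01-10T02:11:05", "203.0.113.7", "m1003", "login_fail", "accumulation"),
    ("2025-01-10T02:11:06", "203.0.113.7", "m1004", "login_ok", "pension"),
    ("2025-01-10T02:11:07", "203.0.113.7", "m1005", "login_ok", "accumulation"),
    ("2025-01-10T02:15:40", "203.0.113.7", "m1004", "lump_sum_request", "pension"),
    ("2025-01-10T14:29:50", "198.51.100.20", "m2001", "login_fail", "pension"),
    ("2025-01-10T14:30:10", "198.51.100.20", "m2001", "login_ok", "pension"),
    ("2025-01-10T14:32:00", "198.51.100.20", "m2001", "lump_sum_request", "pension"),
]
MIN_FAILED_ACCOUNTS = 3        # assumed threshold; tune against normal traffic
OVERNIGHT_HOURS = range(0, 6)  # assumed "early hours": 00:00-05:59 local time

def stuffing_sources(events):
    """IPs whose failed logins are spread over many distinct member accounts."""
    failed = defaultdict(set)
    for _, ip, member, event, _ in events:
        if event == "login_fail":
            failed[ip].add(member)
    return {ip for ip, members in failed.items() if len(members) >= MIN_FAILED_ACCOUNTS}

def accounts_to_lock(events):
    """Members with a successful login from a stuffing source (password likely reused)."""
    sources = stuffing_sources(events)
    return {m for _, ip, m, event, _ in events if event == "login_ok" and ip in sources}

def withdrawals_to_hold(events):
    """Overnight lump-sum requests on pension accounts last logged in from a stuffing source."""
    sources, last_login_ip, held = stuffing_sources(events), {}, []
    for ts, ip, member, event, phase in sorted(events):
        if event == "login_ok":
            last_login_ip[member] = ip
        elif (event == "lump_sum_request" and phase == "pension"
              and last_login_ip.get(member) in sources
              and datetime.fromisoformat(ts).hour in OVERNIGHT_HOURS):
            held.append((ts, member, last_login_ip[member]))
    return held

if __name__ == "__main__":
    print("lock:", sorted(accounts_to_lock(EVENTS)))
    print("hold:", withdrawals_to_hold(EVENTS))
```

Automated tools often rotate source addresses, so a production rule would group on more than the IP alone; the single-address grouping here keeps the example small.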
So far, AustralianSuper has reported that some members have had money improperly withdrawn, with losses estimated at several hundred thousand dollars. Other funds are still investigating the extent of the attack, but no other member losses have been identified yet. The funds are working with the National Cyber Security Coordinator to assess the situation and provide cybersecurity advice. Affected members are being contacted and advised to check their accounts for any suspicious activity.
The funds have taken steps to lock affected accounts and are advising members to check their accounts and change their passwords. AustralianSuper reported that up to 600 members' passwords were used to attempt fraud, while Rest Super noted that fewer than 1% of its members were affected, with no financial losses reported so far. Insignia Financial confirmed no financial impact on its members but has restricted some platform activities as a precaution.
If you have an account with any of these funds, it's crucial to follow the advice provided by your super fund and take steps to secure your online accounts.