Recently, several Australian superannuation funds, including AustralianSuper, Rest, and Insignia, fell victim to a cyberattack that exploited stolen passwords to target member accounts. Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, confirmed that the breach has been acknowledged by federal authorities, highlighting ongoing efforts to mitigate the threat posed by cybercriminals targeting individual account holders.
In a statement, McGuinness assured that collaboration with government and financial regulators, as well as industry stakeholders, is underway to provide security guidance. Members who are concerned about their accounts are advised to follow the recommendations from their respective super funds.
AustralianSuper’s Chief Member Officer, Rose Kerlin, reported a noticeable increase in suspicious activities over the past week. The fund identified that cybercriminals may have utilised the stolen credentials of approximately 600 members in attempts to access their accounts for fraudulent purposes. Immediate action was taken by locking the affected accounts and notifying the members involved. Kerlin urged members to verify their bank and contact details by logging into their accounts.
Insignia Financial acknowledged attempts by a “malicious third party” to breach member accounts through a method known as “credential stuffing”. This technique involves using stolen email addresses and passwords to recurrently attempt logins, applying pressure on private systems. Insignia confirmed unusual login attempts targeting its Expand platform.
Rest superannuation fund also reported being targeted but stated that no funds had been extracted from members’ accounts during these unauthorized access attempts. Rest’s Chief Executive, Vicki Doyle, reassured that the integrity of members’ funds remains intact despite the security threats.
The full extent of this security breach is still unclear, but it is apparent that multiple super funds have faced challenges due to potential data compromises. As the situation develops, members are encouraged to remain vigilant and take proactive steps in protecting their online accounts.