Hackers are targeting Australia’s largest pension funds

In this post:

  • Hackers targeted major Australian superannuation funds, stealing $500,000 from a few accounts and exposing personal data.
  • Authorities and financial institutions are responding to the breach, urging members to check accounts and update passwords.
  • Credential stuffing using stolen passwords is suspected in the attacks, prompting warnings to use unique logins and enable multifactor authentication.

Hackers have launched coordinated attacks on Australia’s largest pension funds and a handful of users have lost significant sums of money.

The Association of Superannuation Funds of Australia (ASFA) revealed that the attacks happened last weekend and involved attempts to breach multiple superannuation companies, including Hostplus, Rest, AustralianSuper, and Australian Retirement Trust. 

ASFA issued its statement on Friday, explaining that the hackers tried to infiltrate a number of retirement funds. It said a number of customers lost a combined half a million dollars, and some members’ personal data may have been compromised. 

Lieutenant General Michelle McGuinness, Australia’s national cyber security coordinator, confirmed that Hostplus, Rest, AustralianSuper, and Australian Retirement Trust were among the targets. 

Hackers hit major Australian pension funds

Authorities are working closely with banking and financial institutions to fight these intrusions. According to McGuinness, the government is coordinating its response through agencies like the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC). 

Insignia Financial, which operates well-known brands such as MLC and IOOF, said it discovered around 100 accounts on its Expand platform had been targeted, though it did not detect any direct financial impact on clients. 

Rest, on the other hand, reported that as many as 8,000 accounts could have had personal details accessed. AustralianSuper confirmed that a number of customers were impacted, with $500,000 stolen. According to the fund, stolen passwords were used to log into 600 member accounts, which allowed hackers to steal money.

AustralianSuper’s chief member officer, Rose Kerlin, said there had been a recent spike in suspicious behavior targeting its member portal and mobile application. She encouraged all members to protect themselves online by checking account details and using strong, unique passwords. 

In the aftermath of the breach, users encountered difficulties logging in on Friday, while high call volumes and periodic online outages caused confusion. Some members found they could not see their account balances or saw a balance of zero, though the fund assured them that this was a temporary glitch.

“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” the fund told members while advising them to confirm bank and contact details within their profiles. This approach, it said, ensures that any would-be hacker is prevented from rerouting funds.

Hackers may have used credential stuffing

Alastair MacGibbon, chief strategy officer at CyberCX, offered a clearer picture of how these hackers operate. He said the technique, known as credential stuffing, is a rising threat. Attackers automate the process of testing stolen login credentials across various sites. Because many people reuse passwords, hackers can unlock numerous accounts. MacGibbon said this method is becoming more common, as almost every Australian adult has experienced at least one data breach in recent years.
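From the defender's side, the pattern described above shows up in login logs as one source trying many different accounts in a short time, mostly failing. The sketch below is an added example, not code from any of the funds or from CyberCX; the event format, thresholds, member IDs and IP addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (ISO timestamp, source IP, member ID, success).
# IPs come from documentation ranges; member IDs are made up.
SAMPLE_EVENTS = [
    ("2025-04-01T10:00:00", "203.0.113.7", "m1001", False),
    ("2025-04-01T10:00:20", "203.0.113.7", "m1002", False),
    ("2025-04-01T10:00:40", "203.0.113.7", "m1003", False),
    ("2025-04-01T10:01:00", "203.0.113.7", "m1004", True),   # reused password worked
    ("2025-04-01T10:01:20", "203.0.113.7", "m1005", False),
    ("2025-04-01T10:01:40", "203.0.113.7", "m1006", False),
    # One member mistyping a password: few accounts, not stuffing.
    ("2025-04-01T10:02:00", "198.51.100.20", "m2001", False),
    ("2025-04-01T10:02:30", "198.51.100.20", "m2001", True),
    # Shared office address: many accounts, but every login succeeds.
    *[("2025-04-01T10:03:0%d" % i, "192.0.2.50", "m300%d" % i, True) for i in range(5)],
]

def detect_credential_stuffing(events, window=timedelta(minutes=10),
                               min_users=5, max_success_ratio=0.2):
    """Flag IPs that try many distinct accounts within `window`, mostly failing.

    Thresholds are illustrative assumptions and need tuning per service.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            hits = sorted({u for _, u, ok in span if ok})
            ratio = sum(1 for _, _, ok in span if ok) / len(span)
            if len(users) >= min_users and ratio <= max_success_ratio:
                best = findings.get(ip)
                if best is None or len(users) > best["distinct_users"]:
                    findings[ip] = {"distinct_users": len(users),
                                    "attempts": len(span),
                                    # Successful logins inside a flagged burst:
                                    # lock these and force a password reset.
                                    "accounts_to_reset": hits}
    return findings
```

The successful logins inside a flagged burst are the ones that matter most: those are the accounts where a reused password worked and where bank and contact details should be checked.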

He recommends that individuals protect themselves by creating strong, unique passwords and never using the same password on multiple accounts. MacGibbon also urged organizations to roll out multi-factor authentication across their services and to keep track of whether company or user credentials have been leaked on the dark web. 

Prime Minister Anthony Albanese, speaking on Friday, acknowledged the gravity of the situation but pointed out that Australia faces cyberattacks at a disturbingly frequent rate, roughly once every six minutes. He stressed that the federal government has increased funding for the Australian Signals Directorate and would work diligently to address each new threat. Albanese urged super fund members to stay alert and check their personal accounts often.
