Cyber Incident Victim: Australian superannuation funds
Date:
Apr 2025
Location:
Australia
Summary
Australian superannuation funds experienced a wave of cyber attacks that disrupted member access and resulted in financial losses for some accounts. The largest fund reported hundreds of intrusion attempts and confirmed that a small group of members lost a combined half‑million dollars while many others faced login issues and zero‑balance displays. Several other funds said they repelled most attempts but acknowledged that limited personal data may have been accessed and that some members struggled to reach their accounts. Authorities noted the incidents fit a pattern of frequent cyber threats and are working with the national cybersecurity coordination body.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
AustralianSuper disclosed that it had faced approximately six hundred attempted cyber attacks over the preceding month, a period during which four of its members collectively lost five hundred thousand dollars in retirement savings. Numerous members reported being unable to log into their online accounts or mobile applications, with some observing a zero balance displayed despite assurances from the fund that their assets remained secure. AustralianSuper attributed the intermittent outages to a high volume of traffic directed at its call centre, member portal and app, emphasizing that the situation was temporary and that it was working to restore normal access as quickly as possible. The fund, which manages assets for at least 3.5 million members and holds billions of dollars in superannuation investments, issued a statement apologizing for the inconvenience while maintaining that member accounts were protected.
Other major superannuation providers also experienced disruption during the same timeframe. Rest, Hostplus, Insignia and Australian Retirement were identified as impacted funds, although none of their members reported direct loss of retirement savings; Hostplus indicated it was still investigating potential effects. Rest noted that some of its members may have had limited personal information accessed and said it was engaging with those individuals to address any concerns. Members of these funds similarly described difficulties accessing their accounts online or via mobile apps, contributing to heightened anxiety among savers who could not verify their balances or transaction histories. The Association of Superannuation Funds of Australia released a statement confirming that several funds had endured attempted cyber attacks over the weekend, noting that while most attempts were thwarted, a number of members had been affected and that the funds were contacting those individuals to provide assistance and information about any compromised data.
At the national level, Prime Minister Anthony Albanese acknowledged the incidents, referencing the broader context of frequent cyber threats in Australia and noting that federal funding to combat cybercrime had been increased following earlier high‑profile breaches at companies such as Optus, Medibank and Latitude. He affirmed that the government was collaborating with the National Cyber Security Coordinator to respond to the attacks on the superannuation sector. The combined effect of the attacks left thousands of members unable to view or manage their retirement savings online, prompted a surge in calls to member support lines and prompted the affected funds to implement internal measures to investigate the scope of the breaches, secure their systems and communicate with impacted members about the status of their accounts and any potential data exposure.