Cyber Incident Victim: Superannuation of South Australia

In early April 2025, AustralianSuper reported approximately 600 attempted cyber attacks over the preceding month, leading to four members losing a combined $500,000 of retirement savings. Members described being unable to log into their online accounts or mobile application, with some accounts displaying a zero balance. AustralianSuper attributed the access problems to a high volume of traffic causing intermittent outages and asserted that the underlying accounts remained secure despite the displayed figures. The fund noted that it was experiencing a surge in calls to its call centre and that dozens of members had contacted ABC News about difficulties accessing their accounts through the website or apps. AustralianSuper confirmed on Friday afternoon that members had been struggling to get into their accounts and that some accounts were showing a zero balance.

Rest, Hostplus, Insignia and Australian Retirement also disclosed impacts from the same wave of activity. Rest stated that it believed some members may have had limited personal information accessed and said it was working through the situation with those affected individuals. Hostplus confirmed it was still investigating the incident, while ABC News understood that none of the members of those funds had lost retirement savings, though some reported difficulty logging in. The Association of Superannuation Funds of Australia said that other funds had faced attempted cyber attacks over the weekend, that most attempts were repelled but a number of members were affected, and that funds were contacting all affected members to inform them and provide assistance. AustralianSuper issued a statement apologising for the inconvenience, explaining that it was working hard to resolve the issue as quickly as possible and reiterating that members’ accounts were secure even when the interface showed a $0 balance. Several members told ABC News they were extremely concerned because they could not access their accounts online and there was no contact by phone, describing the situation as very disconcerting to see a $0 balance on a Friday.

Speaking while on the campaign trail, the Prime Minister said he had been informed about the attacks and would consider what had occurred before responding in time. Prime Minister Anthony Albanese characterised such incidents as a regular issue, noting that a cyber attack occurs in Australia roughly every six minutes. He indicated that the government would respond in time and was considering what had occurred, while highlighting that federal funding to tackle cyber criminal activity had been increased following previous major breaches at Optus, Medibank and Latitude. The Prime Minister referenced the Medibank case, in which members’ private and sensitive details had been posted to the dark web, as part of the broader context. The affected superannuation funds reported that they were collaborating with the National Cyber Security Coordinator, the federal bureau responsible for tackling cybersecurity threats, to address the incidents and restore normal service.