Cyber Incident Victim: NGS Super
Date:
Mar 2023
Location:
Australia
Summary
NGS Super experienced a cyberattack resulting in the compromise of limited personal member data, prompting immediate network shutdown, investigations, and enhanced security protocols. Member super savings and fund assets remained secure on a separate platform, with no financial impact. The Australian Tax Office imposed temporary protective measures restricting online access for members, later lifting restrictions for most individuals. The fund engaged identity support services and recommended credit monitoring for affected members while confirming ongoing cooperation with regulatory authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 17, 2023, NGS Super detected unusual activity within its corporate systems, prompting an immediate network shutdown to contain the incident. The $6 billion pension fund, serving approximately 120,000 members and 17,000 Australian employers, launched a forensic investigation that confirmed unauthorized access by threat actors during a brief period of system compromise. While member superannuation savings and fund assets remained fully secure on a separate platform unaffected by the breach, the attackers exfiltrated "some limited data" containing personal member information. The fund did not publicly specify the exact volume of affected members at initial disclosure, though subsequent communications indicated plans to notify impacted individuals. In response to the breach, the Australian Tax Office implemented broad protective measures on March 22, restricting all NGS members' access to ATO online services regardless of individual exposure. This precautionary lockdown remained partially in effect until July 3, 2023, when restrictions were lifted for most members, with residual protections maintained for a smaller subset requiring phone verification for transactions.
NGS Super engaged cybersecurity experts to implement enhanced monitoring and security protocols while collaborating with law enforcement and financial regulators. The fund formally notified the Australian Prudential Regulation Authority (APRA), Australian Securities and Investments Commission (ASIC), and Office of the Australian Information Commissioner (OAIC) of the breach. Forensic investigators determined the attack vector, though NGS did not disclose technical specifics publicly beyond confirming implementation of remedial security measures. Impacted members received direct notifications starting the week after initial announcements, with compromised data types specified in individualized communications. The fund partnered with IDCARE to provide complimentary identity protection services, offering case management support and credit monitoring through Equifax and Experian. Throughout the response, NGS maintained operational continuity for member transactions via online portals while advising password updates as a precaution. Public statements emphasized no financial loss to accounts but acknowledged incomplete explanations regarding why sensitive data resided on compromised systems, noting this remained under investigation. The ATO maintained its protective stance for remaining affected members beyond July, requiring personalized authentication through designated support channels for account transactions.