Superfund

The organization, known by the alias Superfund and headquartered in Austria, operates within the superannuation sector, primarily through its Tasmanian-based entity Spirit Super. Spirit Super manages retirement savings for its members, handling sensitive personal and financial information including names, addresses, and super account numbers. A significant cyber incident in May 2022 revealed that approximately 50,000 members' data was potentially exposed following a sophisticated phishing attack that compromised a staff member's email. This event indicates a substantial member base within its Tasmanian operations, though the total assets under management or broader geographic footprint are not detailed in available sources. The organization's core service involves the accumulation and management of funds for members' retirement, placing it within the regulated financial services industry.

The phishing incident underscores the organization's exposure to advanced email-based cyber threats and its responsibility for protecting considerable volumes of personal data. In response, Spirit Super immediately increased security measures for member accounts and initiated a comprehensive review of its data handling practices and staff training programs. The breach involved unauthorized access to a specific mailbox, highlighting a targeted vulnerability in email security protocols. While the incident response demonstrates an adaptive approach to cybersecurity risks, the organization's overall market position, specific regulatory obligations, or ownership structure beyond the mentioned headquarters remain unspecified. The event illustrates the operational and reputational challenges faced by superannuation funds in safeguarding member information against evolving attack vectors.