Spirit Super

Spirit Super operates within Australia's financial services sector, specifically managing superannuation funds for members. The organisation handles sensitive personal and financial data as part of its core operations, including member names, addresses, contact information, account numbers, balances, and identification documents. This data processing inherently involves managing significant risks associated with protecting personal information like tax file numbers, bank account details, and birthdates. The nature of its services necessitates maintaining robust security measures to safeguard member assets and privacy.

A significant cybersecurity incident occurred on May 19, 2022, involving the compromise of a staff email account via a phishing attack. This breach resulted in unauthorized access to a mailbox containing personal member information. While much of the exposed data resembled details found in annual statements, a limited subset included highly sensitive documents. Spirit Super acted swiftly to contain the incident and initiated an investigation to determine the full scope and identify impacted individuals. The organisation prioritised direct outreach to members whose higher-risk sensitive data was exposed during this breach. This incident underscores the critical importance of cybersecurity vigilance within entities managing substantial personal and financial records.