POWERED BY MOMENTUM MEDIA
Major cyber breach hits top Australian super funds
In what is being called a coordinated cyber attack, a number of Australia’s largest superannuation funds have suffered a breach with thousands of user accounts compromised.
So far, the super funds affected by the incident include REST, HostPlus, Australian Retirement Trust, AustralianSuper and Insignia, the owner of MLC.
Whilst members of the affected super funds are being urged to check their accounts for suspicious activity, media reports suggest that the threat actors targeted accounts in the pension drawdown phase, as those accounts can request lump sum withdrawals.
Additionally, an anonymous finance expert speaking with Super Review’s sister brand Cyber Daily added that normal superannuation accounts are extremely difficult to withdraw from, resulting in pensioners becoming a likely target for the threat actors.
REST CEO Vicki Doyle revealed that it detected the activity last weekend, adding that 1 per cent of its members, roughly 20,000 according to Sydney Morning Herald, were affected. However, the Australian Financial Review revealed that 8,000 accounts had been affected by the incident.
“Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal. We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols,” Doyle said.
“At this stage, we believe that some of our members may have had limited personal information accessed and we are currently working through this with those impacted members.”
Doyle added that no REST accounts have had funds taken out of them, but told the Australian Financial Review that data such as first names, email addresses and member numbers may have been compromised.
Similarly, chief member officer for AustralianSuper, Rose Kerlin, said that it detected a spike in suspicious criminal activity last week.
“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app and we are urging members to take steps to protect themselves online,” Kerlin said.
“This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud.
“While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”
A spokesperson for AustralianSuper told Cyber Daily that compromised accounts have been locked down with their owners contacted, and that all accounts have had their capabilities restricted to prevent card and banking details from being changed. Additionally, AustralianSuper has contacted the Office of the National Cyber Security Coordinator regarding the incident.
Speaking with the media, Insignia Financial confirmed that the breach was the result of a credential stuffing incident.
“This activity, known as credential stuffing, involved an unusual number of login attempts targeting the Insignia Financial Expand platform. At this stage, we have not observed similar activity across any of our other customer facing platforms,” said a spokesperson for Insignia Financial.
“Our Cyber Security and Wrap Technology teams are actively working to apply additional monitoring and mitigations to protect customer accounts, and as a precaution we have taken steps to restrict some activities on the platform. Some customers will receive communications prompting them to reset their passwords when they next login to their accounts.”
Insignia added that impacted customers would be contacted and that there was currently no financial impact.
The Association of Superannuation Funds of Australia (ASFA) has said that connections between superannuation firms, government agencies and financial services is critical in preventing future cyber attacks.
ASFA, in a statement on Friday, also said that security frameworks should be industry wide and that super funds should engage in information sharing between themselves and critical service providers.
“In a rapidly evolving threat landscape there will always be new and emerging risks, but Australia’s super sector is proactively working together to improve system-wide defences, including through the ASFA Financial Crime Protection Initiative (FCPI),” said ASFA.
“ASFA convenes a regular sector-wide Cyber Security Threat Intelligence Working Group, which brings together industry leaders from across superannuation to respond to emerging cyber security issues.
“Through the FCPI, ASFA will imminently be releasing a Toolkit to ensure strong sector coordination in relation to cyber security.”
“ASFA has also been heavily engaged with government consultations on strengthening Australia’s cyber security protection laws.”
Recommended for you
Donald Trump’s tariff blitz has shaken global markets, fuelling uncertainty over trade retaliation, recession, and economic fallout, while Australia, though bruised, escapes relatively unscathed.
Shadow treasurer Angus Taylor has vowed to slash red tape and introduce a suite of financial services reforms aimed at transforming Australia into a leading financial hub.
Deglobalisation is emerging as a major driver of infrastructure debt opportunities as regions onshore vital industries, a superannuation fund-owned manager has said.
Australian superannuation funds are grappling with heightened global instability, as US policy shifts create a volatile backdrop for investment strategies.
TOP PERFORMING FUNDS
ACS FIXED INT - AUSTRALIA/GLOBAL BOND
Fund name
3y(%)pa
1
Global X GlobalX FANG+ ETF
33.51 3 y p.a(%)
2
Spire Oaktree Opportunities XI Second Close
32.68 3 y p.a(%)
3
DomaCom Lot 21 Chellaston Road Munno Para West SA 5115 Australia
31.62 3 y p.a(%)
4
Spire Oaktree Opportunities XI First Close USD
31.36 3 y p.a(%)
5
Fidante Credit Suisse Global Private Equity
29.60 3 y p.a(%)
