Industry super fund NGS Super has revealed it fell victim to a cyber attack earlier this month that resulted in limited data being taken from its systems.
No super savings were affected, it confirmed.
“On Friday 17 March 2023 we discovered that a cyber attacker had gained access to some of our systems for a short period of time,” NGS Super stated.
“We immediately shut down our network and began investigations. We also launched comprehensive cyber security protocols and enhanced network monitoring.”
Subsequent investigations revealed that limited data had been taken during the attack.
However, the super fund assured members the incident had not impacted their super savings or the funds’ assets, which remained secure on a separate platform.
It stated: “We will be issuing further communications to members whose information has been impacted by the incident.
“We would like to emphasise that NGS takes cyber security and privacy of all personal information seriously. We sincerely apologise this has happened.”
NGS reiterated that it was committed to protecting the information of its members, using administrative, physical and technical safeguards, including two factor authentication to protect the confidentiality and integrity of personal information and data.
Although the super fund has taken "undertaken all the necessary security measures required", it also encouraged members to take extra steps to protect their personal information.
These included: checking their bank account and superannuation statement for any suspicious activity; using complex passwords on their computer systems, email, and social media accounts; and being alert to all communications and transactions and staying vigilant to any phishing scams that may come by phone, post or email.
“The actions we’ve taken to date and will continue to take have secured our members’ superannuation savings and the fund’s assets," said Natalie Previtera, NGS Super acting chief executive.
"Our ability to respond to potential threats in a timely and efficient manner is at the core of our cyber security framework and allows for immediate action."
Recent data indicated Australian financial services firms had witnessed an 180% increase in targeted attacks during the first half of 2022, a tripled figure when compared to the second half of 2021.
Callum Masson, chief information security officer at Mine Super, had previously described cyber security protection in super as a “fight to keep your head above water”.
Speaking at the Association of Superannuation Trustees (AIST), he said: “With a seemingly endless ‘news cycle’ of threats and incidents, increased regulation to be considered and addressed, in addition to our operational day-to-day management obligations, the primary challenge is balancing the very real demands of cyber security and carving out time to progress, refine, and replan the strategic investment roadmap.”
Super funds had a “tremendous month” in November, according to new data.
Australia faces a decade of deficits, with the sum of deficits over the next four years expected to overshoot forecasts by $21.8 billion.
APRA has raised an alarm about gaps in how superannuation trustees are managing the risks associated with unlisted assets, after releasing the findings of its latest review.
Compared to how funds were allocated to March this year, industry super funds have slightly decreased their allocation to infrastructure in the six months to September – dropping from 11 per cent to 10.6 per cent, according to the latest APRA data.