Please be aware of a recent cyber-attack targeting Australian super funds, including AustralianSuper, Australian Retirement Trust, and Rest. This attack has resulted in unauthorised access to member accounts using stolen passwords. The full scale of the breach is still under investigation, but it is believed that multiple super funds have been affected.

What Happened?

Unknown Cybercriminals used stolen passwords to access up to 600 member accounts in an attempt to commit fraud. AustralianSuper detected a spike in suspicious activity across their member portal and mobile app over the past week. AustralianSuper took immediate action, locked the compromised accounts and notified their affected members. Other super funds, such as Australian Retirement Funds, took similar actions.

What to Look Out For

Be vigilant for any unusual activity in your super accounts. This includes unexpected changes to your bank account details, contact information, or any unauthorised transactions. In addition, cybercriminals often use phishing emails to steal login credentials, so be cautious of emails asking for personal information or containing suspicious links.

Our recommendations

  • If you think your super funds might be affected, we recommend to immediately change your passwords for all accounts, especially those related to financial services.
  • Use a combination of letters, numbers, and special characters.
  • Where possible, enable MFA to add an extra layer of security to your account.
  • Regularly check your accounts for any unauthorised activity. Report any suspicious transactions to your financial institution immediately.