some members ot the biggest fund, according to a source that is familiar with the matter, compromising more than 20,000 accounts.
National Cyber Security Coordinator Michella McGuinness has reported in a statement that she was aware of “cyber criminals” that were targeting accounts in the country’s A $4.2 trillion retirement savings sector, even organising a response across the government regulators and industry. However, it is still worth noting how many pension fund members were affected by this encounter.
The country’s largest fund that is managing A$365 billion for nearly 3.5 million members has confirmed that up to 600 member passwords have been stolen in order to acces accounts and commit the fraud.
AustralianSuper’s Chief Member Office Rose Kerlin said in a statement, “We took immediate action to lock these accounts and let those members know," asking all members to verify theri balances.
As the source reported, four of the Australian Super members had also combined a A$500,000 drained from their balances and transferred to accounts that did not belong to them.
It is also worth noting that the Australian Retirement Trust, ranking as the second-largest fund, has A$300 billion for the 2.4 million members, having said that it detected an “unusual login activity”, which affected “several hundred” accounts. The default industry pension fund meant for retail workers, Rest Super, has also suffered from a similar attack that affected around 20,000 accounts.
Vicki Doyle, the CEO of Rest, said, “Over the weekend of 29-30 March 2025, Rest became aware of some unauthorized activity on our online Member Access portal”. Also adding “We responded immediately by shutting down the Member Access portal, undertaking investigations, and launching our cybersecurity incident response protocols.”
Even more so, Hostplus has also confirmed that it has suffered an attack. Hostplus has more than 1.8 million members and A$115 billion under management, reported Reuters. As a response to those attacks, Prime Minister Anthony Albanese said in a briefing about those attacks that a response would be “considered”. Also, adding that such attacks are common in Australia, as one happens every six minutes.
.webp)
