Australian Super Funds Targeted in Cyberattack, Thousands of Accounts Breached

Hackers exploited stolen credentials to access superannuation accounts, stealing funds from some members and exposing systemic vulnerabilities.

A coordinated cyberattack over March 29-30, 2025, targeted multiple Australian superannuation funds, affecting thousands of accounts.
Hackers used stolen credentials, likely sourced from the dark web, to breach accounts, focusing on those eligible for lump sum withdrawals.
AustralianSuper reported 600 compromised accounts, with four members losing a combined A$500,000, while Rest confirmed data breaches in 8,000 accounts but no financial losses.
Government agencies, led by the National Cyber Security Coordinator, are collaborating with industry stakeholders to investigate and strengthen cybersecurity measures.
The attacks highlight systemic vulnerabilities in Australia's A$4.2 trillion superannuation system, prompting calls for enhanced protections and better account security practices.