Australian Superannuation Funds Hit by Coordinated Cyberattack Compromising Thousands of Accounts

Hackers exploited stolen passwords to target vulnerable account holders, prompting a government-led investigation into the breach's scale and impact.

AustralianSuper, REST, and Insignia Financial are among the major funds targeted in a sophisticated cyberattack affecting thousands of member accounts.
Hackers used stolen passwords, likely sourced from the dark web, to access accounts, focusing on individuals in the pension drawdown phase to exploit withdrawal vulnerabilities.
AustralianSuper confirmed up to 600 member accounts were compromised, while REST reported that 1% of its 2 million members were affected.
The National Cyber Security Coordinator is leading a coordinated response across government agencies and industry stakeholders to assess and mitigate risks.
Members are being urged to monitor their accounts for suspicious activity as investigations continue to determine the full extent of the breach.