Cyberattacks Breach Australian Superannuation Funds, Compromising Thousands of Accounts
Hackers exploited stolen passwords to target accounts, with some members losing significant funds, prompting a government-coordinated response.
- A coordinated cyberattack targeted major Australian superannuation funds, including AustralianSuper, Rest, Hostplus, Insignia Financial, and Australian Retirement Trust.
- Hackers used stolen passwords, likely sourced from the dark web, to access accounts during early morning hours, focusing on those eligible for lump-sum withdrawals.
- AustralianSuper confirmed 600 accounts were compromised, with four members losing a combined A$500,000, while Rest reported data breaches affecting approximately 20,000 accounts but no financial losses.
- The Australian government, led by the National Cyber Security Coordinator, is working with regulators and industry stakeholders to investigate and mitigate the breaches.
- The attacks underscore the rising threat of credential stuffing in Australia, highlighting vulnerabilities in critical financial systems managing over A$4 trillion in retirement savings.