A recent cyber attack has affected several major Australian superannuation funds. It’s unsettling news—especially when your retirement savings are involved. But don’t panic. Here’s what you need to know, and some simple steps you can take to protect your account.
What happened?
The attack involved a method called credential stuffing. This is when cybercriminals use stolen login details from other breaches to access accounts on different platforms. If you’ve ever reused a password, this could put you at risk.
Several funds have reported suspicious activity:
- AustralianSuper: 600 accounts were accessed with stolen passwords. Four members lost a total of $500,000.
- Rest: Around 8,000 members had personal information accessed. No financial losses reported.
- Australian Retirement Trust, Hostplus, and Insignia Financial: Detected unusual activity but have not reported any losses so far.
All super funds have been asked by regulators to report if they’ve been impacted, so more updates may follow.
What should you do if you're a member?
If you or someone you know is a member of any of these funds, here’s what you can do right now:
1. Wait to hear from your fund
Funds are contacting members directly if their data was accessed. Keep an eye on your email or mail and don’t click on any suspicious links.
2. Update your security settings
We strongly recommend changing your super account password and turning on multi-factor authentication (MFA). This adds an extra layer of protection and makes it much harder for attackers to get in.
3. Stay calm if your balance looks off
AustralianSuper has acknowledged some display issues over the weekend. If you saw a $0 balance, it doesn’t necessarily mean your money is gone.
4. Watch your account closely
Monitor your account for any strange activity and report anything suspicious to your fund straight away.
Take action now
Cyber Wardens is here to help small businesses and individuals boost their cyber safety. We recommend completing our free, easy online course and sharing it with friends and family:
👉 cyberwardens.com.au
It only takes 10 minutes, and you’ll walk away with practical tools like creating strong passwords and enabling MFA—small changes that make a big difference.
