Several of Australia’s largest super funds including AustralianSuper, Rest, and Insignia have been hit by a cyberattack, with stolen passwords used to target members’ accounts.
The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, confirmed that federal authorities were aware of the breach.
“I am aware cybercriminals are targeting individual account holders of a number of superannuation funds,” Lieutenant General McGuinness said.
Insignia Financial said they were aware of a “malicious third party” attempting to access their member’s accounts.
“This activity, known as credential stuffing, involved an unusual number of login attempts targeting the Insignia Financial Expand platform,” a spokesperson for the fund said.
Credential stuffing refers to a kind of cyberattack where criminals use stolen passwords and email addresses to make repeated attempts to log in to private systems.
Rest super also said they had been targeted, but said that no member’s funds had been withdrawn.
“No member funds were transferred out of impacted members’ accounts due to these unauthorised access attempts,” Rest’s Chief Executive Vicki Doyle said.
The full scale of the breach is not yet known, but it is believed that multiple super funds have been affected by data breaches.