https://www.itnews.com.au/news/aussie-super-funds-targeted-by-fraudsters-using-stolen-creds-616269
https://www.abc.net.au/news/2025-04-04/superannuation-cyber-attack-rest-afsa/105137820
Multiple Australian superannuation funds have been hit by a wave of cyber attacks, with AustralianSuper confirming that four members have lost a combined $500,000 in retirement savings. The nation’s largest retirement fund has reportedly faced approximately 600 attempted cyber attacks in the past month alone.
AustralianSuper has now confirmed that “up to 600” of its members were impacted by the incident. Chief member officer Rose Kerlin stated, “This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud.” The fund has taken “immediate action to lock these accounts” and notify affected members.
Rest Super has also been impacted, with CEO Vicki Doyle confirming that “less than one percent” of its members were affected—equivalent to fewer than 20,000 accounts based on recent membership reports. Rest detected “unauthorised activity” on its member access portal “over the weekend of 29-30 March” and “responded immediately by shutting down the member access portal, undertaking investigations and launching our cyber security incident response protocols.”
While Rest stated that no member funds were transferred out of accounts, “limited personal information” was likely accessed. “We are in the process of contacting impacted members to work through what this means for them and provide support,” Doyle said.
HostPlus has confirmed it is “actively investigating the situation” but stated that “no HostPlus member losses have occurred” so far. Several other funds, including Insignia and Australian Retirement, were also reportedly affected.
Members across multiple funds have reported difficulty accessing their accounts online, with some logging in to find alarming $0 balances displayed. The disruption has caused considerable anxiety among account holders.
National cyber security coordinator Lieutenant General Michelle McGuinness confirmed that “cyber criminals are targeting individual account holders of a number of superannuation funds” and is coordinating with government agencies and industry stakeholders in response. The Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC) are engaging with all potentially impacted funds.
AustralianSuper urged members to log into their accounts “to check that their bank account and contact details are correct and make sure they have a strong and unique password that is not used for other sites.” The fund also noted it has been working with “the Australian Signals Directorate, the National Office of Cyber Security, regulators and other authorities” since detecting the unauthorised access.
If you’re a member of any of these funds, watch for official communications and be wary of potential phishing attempts that may exploit the situation.