The Australian Prudential Regulation Authority has warned the Labor government that cyberattacks on superannuation funds pose a growing threat to the broader banking system, following a coordinated attack in April that targeted major industry funds including AustralianSuper, Australian Retirement Trust, Hostplus and Rest Super. The attack, which used a technique called “credential stuffing” with leaked passwords from the dark web, specifically targeted retirees aged 60 and above during early morning hours when victims were less likely to notice unauthorized account access. APRA emphasized that while the number of affected accounts was small, the incident highlighted critical cybersecurity vulnerabilities in a sector managing more than $4 trillion in retirement savings.
The regulator’s briefing to government revealed that superannuation funds have become an increasingly significant source of funding for banks, with funds holding more than a quarter of all domestic bank stocks and almost a third of bank short-term debt securities. This growing interconnection between the superannuation and banking sectors creates potential systemic risks, particularly if multiple funds were forced to sell bank bills simultaneously to provide collateral during market stress events. APRA noted that recent market turmoil from tariff impositions had materially impacted super funds, which have increased their overseas exposures in recent years, highlighting the need for robust investment governance and accurate valuation of unlisted assets.
The warning comes amid broader concerns about Australia’s financial system stability, with APRA identifying household debt as a critical vulnerability given that over 60 percent of Australian banks’ loan books comprise housing loans. Australia maintains the third-highest level of household debt among OECD countries at 180 percent of incomes, with housing affordability requiring buyers to earn $161,247 nationally to avoid financial stress. Assistant Treasurer Daniel Mulino acknowledged the cyber resilience challenges facing the superannuation sector, emphasizing the importance of strengthening systems to protect members’ retirement savings as the sector continues to grow and take on greater systemic significance within the Australian financial system.