Highlights
Multiple Australian pension funds have been impacted by a coordinated hacking campaign.
AustralianSuper and REST confirm breaches, with hundreds of accounts compromised.
National Cyber Security Coordinator is leading a government-wide response effort.
Australia’s massive AU$4.2 trillion ($2.66 trillion) pension industry has become the latest target of cybercriminals, with a series of coordinated attacks compromising thousands of retirement accounts across major funds. The federal government has launched a swift response, with its National Cyber Security Coordinator Michelle McGuinness confirming the attacks and ongoing coordination efforts across government agencies.
In a statement released Friday, McGuinness said cybercriminals had targeted pension account holders in a concerted effort to exploit personal data and commit fraud.
“We are aware of a number of incidents targeting superannuation accounts and are actively working with impacted organisations to mitigate risks,” she said.
AustralianSuper, the country’s largest pension fund managing AU$365 billion on behalf of 3.5 million members, disclosed that up to 600 member passwords had been stolen and used in fraudulent attempts to access accounts.
REST Super, the default fund for retail workers, which oversees AU$93 billion in assets, also fell victim to a cyber incident. Its CEO Vicki Doyle confirmed that the attack over the past weekend affected around 1% of its 2 million members—potentially impacting up to 20,000 people. REST said it is investigating the breach and has taken steps to protect its systems and customers.
Meanwhile, Insignia Financial (ASX:IFL)—which owns the largest retail superannuation brand and manages AU$327 billion—reported an attempted breach on its Expand platform by what it described as a “malicious third party.” While Insignia confirmed that no financial losses had occurred so far, it remains on high alert amid the broader threat landscape.
The breaches come amid growing concern over cybersecurity vulnerabilities in the financial services sector, particularly within Australia’s superannuation system, which holds a significant portion of citizens' retirement savings. The attacks are believed to have involved credential-stuffing methods, where stolen or reused login credentials are used to gain unauthorised access.
In response, affected funds have ramped up security protocols, locked compromised accounts, and begun direct outreach to impacted members. The Australian Cyber Security Centre (ACSC) is also expected to assist in investigating the incidents and assessing broader industry risks.