Cyber attacks on Superfunds

Australian Superannuation Funds Targeted by Cyber Attacks: $500,000 Stolen, Thousands Affected

A string of suspected cyber attacks has targeted several major Australian superannuation funds, with at least four AustralianSuper members losing a combined total of $500,000 in retirement savings. The breaches have caused widespread disruption, with many members unable to log in to their accounts and some even seeing $0 balances on their dashboards—prompting confusion, panic, and concern about the security of their retirement funds.

AustralianSuper, the largest retirement fund in the country with more than 3.5 million members, has confirmed it experienced around 600 attempted cyber attacks in the past month. While the fund has reassured members that accounts remain secure and funds have not been deleted, the outages and false account balances have severely impacted member confidence.

“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” AustralianSuper said in a statement.

The disruption has overwhelmed the fund’s call centres and digital services, with intermittent outages reported across its website and mobile app. ABC News received multiple reports from members expressing frustration and anxiety.

“Very disconcerting to have $0 in your super account on a Friday,” one member told ABC.

Other Super Funds Also Affected

The Association of Superannuation Funds of Australia (ASFA) confirmed that multiple funds experienced attempted breaches. While most attacks were repelled, some members of various funds had their personal information accessed, and in some cases, accounts were compromised.

🔍 Super Funds Affected by Cyber Attacks

Each of these funds is currently working with the National Cyber Security Coordinator and has begun contacting affected members to provide support and guidance.

Government Response and Context

Prime Minister Anthony Albanese addressed the situation, highlighting the growing frequency of cyber attacks in Australia.

“There is a cyber attack in Australia roughly every six minutes. This is a regular issue,” he said.

The government had already increased funding for cybersecurity efforts following recent high-profile breaches involving Optus, Medibank, and Latitude, some of which resulted in the exposure of sensitive data on the dark web.

What Should Members Do Now?

Experts urge Australians with superannuation accounts to take proactive steps to secure their information and monitor account activity:

✅ Immediate Actions to Take

• Log in to your super account (if accessible) to check your current balance and recent transactions.

• Change your password immediately, especially if prompted by your fund. Use a strong, unique password.

• Avoid clicking links in unsolicited emails or SMS — these could be phishing attempts exploiting current confusion.

• Watch for official communications from your super fund, but verify authenticity before acting.

• Contact your fund if you notice suspicious activity or can’t access your account.

• Stay alert for scam calls or messages asking for personal or account details.

Cybersecurity experts Dr. Suranga Seneviratne (University of Sydney) and Professor Paul Haskell-Dowland (Edith Cowan University) also warn of follow-on phishing scams. These so-called “spray and pray” attacks may target users via email or SMS pretending to offer support or security updates.

“Scammers often strike during times of confusion, vulnerability, or misunderstanding,” Dr. Seneviratne noted.