Hackers have targeted Australia’s major pension funds in a series of coordinated cyberattacks, compromising over 20,000 accounts and stealing funds from members of the country’s largest retirement fund.
The cybercriminals infiltrated several top funds, including AustralianSuper, Australian Retirement Trust, Rest, Insignia, and Hostplus, causing widespread concern within the A$4.2 trillion ($2.63 trillion) sector.
Michelle McGuinness, Australia’s National Cyber Security Coordinator, confirmed the attacks and stated that efforts were underway to coordinate a response involving government agencies, regulators, and industry players. The breach impacted AustralianSuper, the largest fund managing A$365 billion for 3.5 million members, where up to 600 member passwords were stolen, leading to fraudulent activities.
Four members reported a combined loss of A$500,000 due to unauthorized transfers.
Australian Retirement Trust, managing A$300 billion for 2.4 million members, detected suspicious login activity but reported no financial losses. Rest Super, with A$93 billion in assets, was impacted by an attack affecting approximately 1% of its 2 million members, while Hostplus and Insignia also confirmed cyber incidents, though no funds were reported lost.
Prime Minister Anthony Albanese acknowledged the attacks, describing them as a regular issue in Australia, and vowed a coordinated response from government agencies.
The government had previously committed A$587 million in 2023 for a seven-year cybersecurity strategy, underscoring the growing concerns over digital security in the country’s critical sectors.
The financial losses and breaches have sparked calls for pension funds to reimburse affected members, with cybersecurity experts emphasizing the need for heightened vigilance and proactive measures to prevent future attacks.
