Cyber breach hits big industry funds

Mike Taylor

Managing Editor and Publisher

4 April 2025

Some of Australia’s largest industry superannuation funds have confirmed they have been the subject of a coordinated cyber attack.

Among the funds are AustralianSuper and Rest with AustralianSuper having confirmed to media outlets that it has suffered a breach that saw the passwords of 600 accounts compromised.

Other funds understood to have been affected include Australian Retirement Trust, Hostplus and Insignia.

Industry body, the Association of Superannuation Funds of Australia has issued a statement stating it is aware that last weekend hackers attempted to get through the cyber-defences of a number of superannuation funds.

“While the majority of the attempts were repelled, unfortunately a number of members were affected. Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” it said.  “Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place. “

“In a rapidly evolving threat landscape there will always be new and emerging risks, but Australia’s super sector is proactively working together to improve system-wide defences, including through the ASFA Financial Crime Protection Initiative (FCPI).

Actions include:

• Establishing a hotline between the superannuation sector, relevant government agencies and related financial services bodies when issues arise.
• Commitments to enhance information sharing between funds and critical service providers, including custodians, administrators and tech providers.
• Developing industry-wide frameworks to combat financial and cyber crime.
• Helping make Australians aware of the actions they can take to protect their super and data from scammers.