Australia's largest pension funds hit by hackers, thousands of dollars stolen

News
By published

Tens of thousands of accounts hit in attack

Abstract image of cyber security in action.
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)
  • Some of Australia's biggest pension funds hit by cyberattack
  • Hackers tried to withdraw hundreds of thousands of dollars
  • The government acknowledged the coordinated attacks

Australia’s superannuation industry is experiencing a barrage of cyberattacks which have seen customers already lose more than AU$500,000.

AustralianSuper, Australian Retirement Trust, Rest, Insignia and Hostplus all confirmed breaches, with the former confirming losing 600 member passwords, which cybercriminals tried to use in fraud attacks.

"We took immediate action to lock these accounts and let those members know," AustralianSuper's Chief Member Officer Rose Kerlin said, stressing that all members should reinforce their accounts with new, stronger passwords, and that they should check their balances.

Monitor your credit score with TransUnion starting at $29.95/month

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Unusual login activity

Four members have cumulatively had AU$500,000 withdrawn from their accounts, Reuters further reported, citing an anonymous source. AustralianSuper is yet to comment on this information.

Rest Super, on the other hand, confirmed that the attack affected 20,000 accounts. "Over the weekend of 29-30 March 2025, Rest became aware of some unauthorized activity on our online Member Access portal," Rest CEO Vicki Doyle said. “We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols."

Australian Retirement Trust also observed “unusual login activity” on “several hundreds” of accounts, but no withdrawals were attempted.

The country’s government has acknowledged these incidents and said it was working on a response.

The industry is a key component of the nation's savings system. It has seen substantial growth and consolidation in recent years. As of December 2024, the industry managed approximately $4.17 trillion in total superannuation assets, up 11.5% increase from the previous year. ​At the same time, there are approximately 23.1 million member accounts across 960 superannuation products.

Via Reuters

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.