Hackers are targeting Australia’s largest pension funds


Cryptopolitan, 2025/04/06 03:22
By Shummas Humayun

In this post: Hackers targeted major Australian superannuation funds, stealing $500,000 from a few accounts and exposing personal data. Authorities and financial institutions are responding to the breach, urging members to check accounts and update passwords. Credential stuffing using stolen passwords is suspected in the attacks, prompting warnings to use unique logins and enable multifactor authentication.

Hackers have launched coordinated attacks on Australia’s largest pension funds and a handful of users have lost significant sums of money.

The Association of Superannuation Funds of Australia (ASFA) revealed that the attacks happened last weekend and involved attempts to breach multiple superannuation companies, including Hostplus, Rest, AustralianSuper, and Australian Retirement Trust. 

ASFA issued its statement on Friday, explaining that the hackers tried to infiltrate a number of retirement funds. It said a number of customers lost a combined half a million dollars, and some members’ personal data may have been compromised. 

Lieutenant General Michelle McGuinness, Australia’s national cyber security coordinator, confirmed that Hostplus, Rest, AustralianSuper, and Australian Retirement Trust were among the targets. 

Hackers hit major Australian pension funds

Authorities are working closely with banking and financial institutions to fight these intrusions. According to McGuinness, the government is coordinating its response through agencies like the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC). 

Insignia Financial, which operates well-known brands such as MLC and IOOF, said it discovered around 100 accounts on its Expand platform had been targeted, though it did not detect any direct financial impact on clients. 

Rest, on the other hand, reported that as many as 8,000 accounts could have had personal details accessed. AustralianSuper confirmed that a number of customers were impacted, with $500,000 stolen. According to the fund, stolen passwords were used to log into 600 member accounts, which allowed hackers to steal money.


AustralianSuper’s chief member officer, Rose Kerlin, said there had been a recent spike in suspicious behavior targeting its member portal and mobile application. She encouraged all members to protect themselves online by checking account details and using strong, unique passwords. 

In the aftermath of the breach, users encountered difficulties logging in on Friday, while high call volumes and periodic online outages caused confusion. Some members found they could not see their account balances or saw a balance of zero, though the fund assured them that this was a temporary glitch.

“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” the fund told members while advising them to confirm bank and contact details within their profiles. This approach, it said, ensures that any would-be hacker is prevented from rerouting funds.

Hackers may have used credential stuffing

Alastair MacGibbon, chief strategy officer at CyberCX, offered a clearer picture of how these hackers operate. He said the technique, known as credential stuffing, is a rising threat. Attackers automate the process of testing stolen login credentials across various sites. Because many people reuse passwords, hackers can unlock numerous accounts. MacGibbon said this method is becoming more common, as almost every Australian adult has experienced at least one data breach in recent years.


He recommends that individuals protect themselves by creating strong, unique passwords and never using the same password on multiple accounts. MacGibbon also urged organizations to roll out multi-factor authentication across their services and to keep track of whether company or user credentials have been leaked on the dark web. 
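On the defending side, credential stuffing leaves a recognisable pattern in login logs: one source tries many different accounts and almost all attempts fail. The following Python sketch is an added example, not part of the original article and not any fund's actual tooling; the event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success).
SAMPLE_EVENTS = (
    # One source walking through many accounts, a single password hit.
    [("203.0.113.7", f"member{i:02d}", i == 6) for i in range(1, 9)]
    # One member mistyping a password, then logging in: not stuffing.
    + [("198.51.100.20", "alice", False)] * 3
    + [("198.51.100.20", "alice", True)]
    # Shared office address, several members, all successful: not stuffing.
    + [("192.0.2.55", f"staff{i}", True) for i in range(1, 6)]
)


def detect_stuffing(events, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts with mostly failed logins.

    Returns {source: {...}} including the accounts that were actually
    logged into, which are the ones needing a forced reset and review.
    Thresholds are illustrative assumptions, not tuned values.
    """
    per_source = defaultdict(lambda: {"users": set(), "attempts": 0, "ok": set()})
    for source, user, success in events:
        stats = per_source[source]
        stats["users"].add(user)
        stats["attempts"] += 1
        if success:
            stats["ok"].add(user)

    findings = {}
    for source, stats in per_source.items():
        success_ratio = len(stats["ok"]) / len(stats["users"])
        if len(stats["users"]) >= min_accounts and success_ratio <= max_success_ratio:
            findings[source] = {
                "accounts_tried": len(stats["users"]),
                "attempts": stats["attempts"],
                "compromised": sorted(stats["ok"]),
            }
    return findings


if __name__ == "__main__":
    for source, info in detect_stuffing(SAMPLE_EVENTS).items():
        print(source, info)
```

Because stuffing traffic is often spread across many addresses, the same grouping can be applied to other keys such as network, user agent or device fingerprint.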

Prime Minister Anthony Albanese, speaking on Friday, acknowledged the gravity of the situation but pointed out that Australia faces cyberattacks at a disturbingly frequent rate, roughly once every six minutes. He stressed that the federal government has increased funding for the Australian Signals Directorate and would work diligently to address each new threat. Albanese urged super fund members to stay alert and check their personal accounts often.
