'Weak' security on super funds as some see $0 balance
Hackers have targeted hundreds of Australian superannuation accounts from funds managing more than $1 trillion in assets in a coordinated online attack using stolen passwords, with experts warning security needs to be bolstered.
Hostplus, Rest, AustralianSuper and Australian Retirement Trust are among those targeted in an attack confirmed on Friday by Australia's National Cyber Security Coordinator Lieutenant General Michelle McGuinness.
The nation's biggest fund AustralianSuper said hackers allegedly sought lump sum withdrawals from up to 600 accounts.
Its more than 3.4 million members are struggling to log in amid high call-centre traffic and intermittent outages to online services, but some who have been able to gain access have been warned they will not like what they see.
"Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure," the fund said, assuring members it is a temporary glitch.
"We are working hard to resolve is as quickly as possible," it said.
Cybersecurity expert Matthew Warren said multi-factor authentication, requiring uniquely generated codes in addition to entering a password, needs to be implemented for every customer.
"This major cyber attack clearly highlights the weak authentication measures implemented by the Australian superannuation industry," the director of RMIT's cybersecurity centre said.
Insignia Financial, which oversees brands including MLC and IOOF, said about 100 accounts on its Expand platform had been targeted, but no financial impact to customers had been detected.
Rest said 8000 accounts may have had personal information accessed but no member funds were transferred.
"We have already contacted impacted members to reinstate their account access and provide next steps and support," it said.
While some targeted accounts were not breached, the Association of Superannuation Funds of Australia revealed "a number of members" had funds stolen and would be contacted.
The attack took place on the weekend, and follows rising reports of online security threats in Australia with a cyber crime reported every six minutes.
Superannuation and banking firms were working with government agencies to respond to the attack, Lt Gen McGuinness said.
Superannuation funds are urging members to check for signs of fraud, ensure banking and contact details are correct, and change passwords if they are not unique to their account.
The superannuation industry association also confirmed members' funds had been stolen.
"While the majority of attempts were repelled, unfortunately a number of members were affected," the group said in a statement.
It is believed that attackers were targeting accounts that could deliver lump sum withdrawals.
Government agencies would investigate, Prime Minister Anthony Albanese said, warning online attacks had become common.
"There is an attack, a cyber attack in Australia about every six minutes," he said.
The Australian Signals Directorate Annual Cyber Threat Report in 2024 revealed cyber crime reports had increased 12 per cent, with an average of 100 calls per day to the Australian Cyber Security Hotline.

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles

Epoch Times
10 minutes ago
- Epoch Times
Australia Lifts Bio-Restrictions on US Beef in Bid to Defuse Tariff Standoff
The Australian government has finally announced it will remove tough restrictions on fresh U.S. beef imports after months-long internal debate over how to respond to the Trump administration's tariff regime. In April, U.S. President Donald Trump unveiled his administration's sweeping 'Liberation Day' tariffs that saw countries like Australia hit with a 10 percent tariff on all goods going to America.

Epoch Times
an hour ago
- Epoch Times
Darwin Hotel Transformed Into Detention Site as Illegal Fishing Arrests Soar
A hotel in central Darwin has been repurposed into a temporary detention facility to manage a sharp rise in the number of Indonesian nationals apprehended for illegal fishing in northern Australian waters. The Frontier Hotel, located in the city's inner suburbs, is now closed to the public and staffed by uniformed personnel from MTC, a private contractor overseeing the site. Notices at the hotel's entrance restrict access to authorised individuals only.
Yahoo
6 hours ago
- Yahoo
International hotel group to enter UK market with Glasgow opening
Australian international hotel group TFE Hotels is set to make its 'long-awaited' entry into the UK market with the launch of two Adina-branded apartment-hotels in Glasgow and Cambridge. The Wellington Glasgow by Adina, located on the corner of Bath Street and Wellington Street in the city centre, will offer 98 'vibrant, design-forward' studio apartments. TFE Hotels' Chief Executive Officer, Antony Ritch, said the strategic expansion marked a "significant milestone" in the hotel group's global growth trajectory, and reinforced its commitment to "bringing flexible, design-led accommodation to culturally rich destinations". 'The UK debut and the establishment of a UK Country Office by Asli Kutlucan, CEO Europe, is a natural evolution of TFE Hotels' global strategy and signals the beginning of an exciting new chapter in one of the world's most competitive hospitality markets,' Ritch said. READ MORE:'After more than two decade of successful growth across continental Europe, we're also excited to work with partners in the UK to bring the Adina brand to two cities that reflect our values—vibrant, globally connected, and culturally compelling,' he said. 'Europe is a real platform for growth for us as an organisation, and Cambridge and Glasgow as the ideal launchpads for our UK presence, offering strong demand across both leisure and corporate travel sectors.' TFE Hotels was an early pioneer in delivering premium apartment hotels and Australian hospitality in Europe 20 years ago with the launch of Adina, and currently operates apartment-hotels across Germany, Austria, Denmark, Switzerland, Hungary, Australia, New Zealand, and Singapore. The Wellington Glasgow by Adina (Image: TFE Hotels) 'We see the UK as a high-potential market that complements our existing operations,' said TFE's London-based Chief Investment Officer, Andrew Hunter. 'Establishing a presence here enhances global visibility for our brands and allows us to better serve long-haul travellers from Asia – Pacific and North America, as well as intra-European guests seeking premium, apartment-style accommodation.' According to Ritch, TFE Hotels is excited to be entrusted with two beautiful historic UK properties, each with a storied history. 'We're proud to be one of the largest custodians of heritage hotels in Oceania,' Ritch said. 'And we are looking forward to working with our partners to bring part of the same sustainable philosophy to the UK.'