Cybercriminals attack major super funds

Cybercriminals attempted to breach the systems of several superannuation funds over the weekend, although most attacks were repelled, thousands have been affected.

Rest said fewer than 1% of its members have been affected by unauthorised activity on its online Member Access portal over the weekend. Reports suggest the incident may have compromised the details of up to 8000 members.

A statement from Rest chief executive Vicki Doyle said the fund responded immediately by shutting down the member access portal, undertaking investigations, and launching its cyber security incident response protocol.

Nevertheless, she said this will be "very concerning" for impacted members, adding the fund is "very sorry this has happened."

"We're in the process of contacting impacted members to work through what this means for them and provide support. No member funds were transferred out of impacted members' accounts due to these unauthorised access attempts," she said.

Rest said some members may have had limited personal information accessed and that it will continue to update affected individuals and assist them with taking further steps to protect their accounts.

AustralianSuper also confirmed that over the past week it's seen a spike in suspicious activity across its member portal and mobile app.

AustralianSuper chief member officer Rose Kerlin said the fund has identified that cybercriminals may have used up to 600 members' stolen passwords to login into their accounts in attempts to commit fraud.

"While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online. We are highlighting this event to make sure members are alert and take all possible precautions to protect their retirement savings," she said.

Financial Standard understands that four AustralianSuper members have lost a combined $500,000 as a result of the attacks.

Australian Retirement Trust (ART), the second largest superannuation fund in Australia, also confirmed that its digital security system identified unusual login activity and that impacted accounts were locked as a precaution.

A spokesperson said the fund hasn't identified any suspicious transactions or modifications regarding these accounts.

Financial Standard contacted ART to confirm the number of affected accounts, however, the fund didn't provide a response.

Insignia Financial, meanwhile, said it detected suspicious activity involving an unusual number of login attempts targeted at its Expand Wrap Platform.

Insignia said investigations are ongoing but that it hasn't observed similar activity on other customer facing platforms.

MLC Expand chief executive Liz McCarthy said suspicious activity has been detected on around 100 Expand Wrap Platform customers' accounts, adding that there's been no financial impact at this stage.

"Our Cyber Security team are actively working to apply additional monitoring and mitigations to protect customer accounts. As a precaution we've taken steps to restrict some activities on the Expand Platform. We're communicating with impacted customers and their advisers and will continue to keep them updated," McCarthy said.

Hostplus, which has reportedly been attacked, said it was aware of a cyber incident involving parts of the superannuation industry and acknowledged the situation may be concerning to some members.

"We're actively investigating the situation to determine the facts and the extent of any impact to Hostplus. Whilst the investigation remains ongoing, we can confirm that no Hostplus member losses have occurred," a spokesperson said.

"Our top priority is the security and privacy of our members and their accounts, and we're taking all necessary measures to protect our systems and data."

Hostplus said it will provide further information as it becomes available.

Some large superannuation funds appear to have avoided the impact from the broader cybersecurity incident.

AMP said it was aware of the incident affecting several funds and that it was monitoring developments closely. So far, it added that, there's no evidence of any breach or unauthorised activity on its systems.

"We'll continue to closely look at all activity across our systems through our 24/7 monitoring capabilities and remain vigilant," a spokesperson said.

Likewise, Cbus said, at this stage, there's no evidence its members have been impacted.

"We're constantly monitoring for threats to ensure our defensive controls are effective for our members," a spokesperson said.

Financial Standard understands Aware Super, UniSuper, and Colonial First State have also not been affected.

The Association of Australian Super Funds (ASFA) said retirement savers should be assured super funds and their service providers already have rigorous cyber protections in place.

"In a rapidly evolving threat landscape there'll always be new and emerging risks, but Australia's super sector is proactively working together to improve system-wide defences..." ASFA said.