Was my superannuation fund affected by the data breach?

Vincent Delitz

Created: April 4, 2025

Updated: April 24, 2025

Was my superannuation fund affected by the data breach?

Yes, several major Australian superannuation funds were affected by the recent cyberattack. These include AustralianSuper, Australian Retirement Trust, Rest, Hostplus, and Insignia Financial. While not all members experienced financial loss, many accounts were targeted through a method called credential stuffing, where attackers used stolen passwords to attempt unauthorized logins. Some accounts had money stolen - up to $500,000 across four accounts - while others experienced suspicious activity, such as login attempts or personal data exposure.

Affected funds have confirmed:

  • Locking suspicious accounts
  • Notifying members individually
  • Working with regulators and cybersecurity experts

If you are a member of any of the named funds, it’s strongly recommended to log into your account and check for unusual activity, especially changes to contact or banking information. Even if your fund hasn’t reported a breach, vigilance is key, as threat actors continue to exploit weak or reused passwords.

Super funds confirmed as impacted

  • AustralianSuper (financial losses reported)
  • Rest (8,000 members affected, no funds withdrawn)
  • Australian Retirement Trust (accounts locked pre-emptively)
  • Hostplus (no losses, investigation ongoing)
  • Insignia Financial (credential stuffing attack identified)

Key points:

  • Yes, major super funds like AustralianSuper and Rest were impacted by a recent data breach.
  • AustralianSuper members lost a total of $500,000 due to stolen login credentials.
  • Other funds such as Rest and Hostplus were able to prevent financial losses but still had accounts accessed.
  • If you’re with one of the named funds, you should check your account and update your password.

What Happened in the Cyberattack?

In early April 2025, cybercriminals launched a coordinated attack on Australian superannuation funds by using previously leaked usernames and passwords found on the dark web. Unlike typical data breaches that involve hacking into a company’s servers, this was a credential stuffing attack, where attackers used already-compromised credentials to log into individual accounts.
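The pattern described above is detectable on the fund's side: a credential stuffing run shows up in login logs as one source address trying many distinct member accounts in a short window, most of them failing. The following is an added example (not code from the original post or from any fund) of that detection logic over constructed login events; the log format, the IP addresses, the account names and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real fund logs): timestamp, source IP, account, outcome.
# 198.51.100.7 replays a leaked list across many accounts; 203.0.113.5 is one
# member mistyping their own password, which must not be flagged.
SAMPLE_LOG = """\
2025-04-02T01:00:01Z 198.51.100.7 member-1001 FAIL
2025-04-02T01:00:02Z 198.51.100.7 member-1002 FAIL
2025-04-02T01:00:03Z 198.51.100.7 member-1003 SUCCESS
2025-04-02T01:00:04Z 198.51.100.7 member-1004 FAIL
2025-04-02T01:00:05Z 198.51.100.7 member-1005 FAIL
2025-04-02T01:00:06Z 198.51.100.7 member-1006 FAIL
2025-04-02T01:00:07Z 198.51.100.7 member-1007 SUCCESS
2025-04-02T01:00:08Z 198.51.100.7 member-1008 FAIL
2025-04-02T01:05:00Z 203.0.113.5 member-2001 FAIL
2025-04-02T01:05:20Z 203.0.113.5 member-2001 FAIL
2025-04-02T01:05:40Z 203.0.113.5 member-2001 SUCCESS
"""

def parse_events(text):
    """Parse the assumed space-separated format into sorted (time, ip, account, outcome)."""
    events = []
    for line in text.splitlines():
        ts, ip, account, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome))
    return sorted(events)

def detect_stuffing(text, window=timedelta(minutes=10), min_accounts=5, min_fail_ratio=0.6):
    """Flag source IPs that, inside one sliding window, try many distinct accounts with
    mostly failures. Thresholds are assumptions sized for this tiny sample.
    Returns {ip: sorted accounts that IP logged into}, i.e. the accounts to lock and notify."""
    by_ip = defaultdict(list)
    for ev in parse_events(text):
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start, suspicious = 0, False
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            distinct = len({e[2] for e in chunk})
            fails = sum(e[3] == "FAIL" for e in chunk)
            if distinct >= min_accounts and fails / len(chunk) >= min_fail_ratio:
                suspicious = True
                break
        if suspicious:  # every success from a spraying IP is a likely account takeover
            flagged[ip] = sorted({e[2] for e in evs if e[3] == "SUCCESS"})
    return flagged
```

The successes from a flagged address are the accounts whose passwords were already known to the attacker, which is why the funds' response was to lock those accounts and contact the members rather than simply block the address.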

Which Funds Were Affected?

  • AustralianSuper: Confirmed that 600 accounts had login credentials stolen. Four members lost approximately $500,000 in total. Accounts were locked and affected members were notified immediately.
  • Rest: Detected unauthorized activity affecting around 8,000 members. No financial loss occurred due to quick shutdown of systems. However, limited personal data (like names and emails) was accessed.
  • Insignia Financial: Identified suspicious login attempts through credential stuffing on its Expand platform. Accounts were protected, and no losses reported.
  • Australian Retirement Trust: Detected unusual login activity and proactively locked affected accounts. No financial or data compromise confirmed so far.
  • Hostplus: Also reported ongoing investigation. No customer losses or data breaches confirmed yet.

What If My Fund Isn’t Listed?

Just because your fund hasn’t been publicly named doesn’t guarantee safety. Many breaches are discovered in stages, and attackers often target multiple institutions over time.

To protect your superannuation:

  • Use a strong, unique password
  • Enable multi-factor authentication (MFA) if available
  • Avoid clicking links in emails claiming to be from your super fund
  • Call your fund directly, using the number on its official website or your statement, if you notice anything suspicious

Why This Matters

Credential stuffing attacks are especially dangerous for superannuation accounts because:

  • People check them less frequently
  • Older Australians are more vulnerable and often have large balances
  • Attackers can silently change contact and bank details to siphon funds

This incident is a wake-up call for both funds and members to improve their cybersecurity hygiene.
