Need to know
- At least five superannuation funds have been targeted in a data breach
- The government's Scams Prevention Framework (SPF) requires banks, telcos and social media platforms to protect Australians from scams, but the super industry is exempt
- Australians are urged to log in to their super account to check details are correct and report any unusual emails or text messages from their fund
Members of the super funds Australian Retirement Trust, AustralianSuper, Hostplus, Rest, Insignia and possibly others will not be having a relaxing weekend.
The major funds recently suffered a cyber attack from criminals who reportedly had familiarity with the Australian super system.
Passwords were apparently harvested from the dark web, and the latest media reports suggest that only AustralianSuper members have so far been hit with fraudulent withdrawals.
The question for affected super members – as well as for the industry as a whole – is which anti-scam protections were in place, and why didn’t they work?
Cyberattack 'shocking and unsettling'
The government's recently passed Scams Prevention Framework (SPF) requires banks, telcos and social media platforms to meet new obligations to protect Australians from scams, or risk fines of up to $50 million.
But the legislation doesn't apply to superannuation funds. Recent cyber attacks on a number of major funds show why this needs to change.
"Reports of this cyberattack on at least five big super funds are shocking and unsettling," says Super Consumers Australia CEO Xavier O'Halloran. "This is people's financial future at risk. And the details and extent of this attack are still emerging."
The breach follows continual warnings from regulators and consumer advocates that the super sector as a whole is falling behind on cyber-resilience and scam protections.
As Australians are legally required to put their money into super, this can't be a good thing.
"Today's news is chilling when we know super funds aren't doing enough to protect Australians' retirement savings," O'Halloran says.
"We're calling on the next Government to urgently extend the new protections to safeguard Australians' retirement savings against fraudsters, scammers and cybercriminals."
The affected funds have reportedly been working with the National Cyber Security Co-ordinator to figure out just how big this hack is.
What to do if you're concerned your super may be affected
If you're concerned about today's news, Super Consumers Australia has this advice:
- If possible, log in to your super account to check your details are correct and change your password.
- Watch out for communications from your super fund.
- Contact your super fund if you see any unusual activity; for example, SMSs or emails about transactions or changes that you have not requested.