
Australian super system caught unprepared for cyber attack

Banks, telcos and social media platforms are required to protect Australians from scams, but the super industry is exempt

Last updated: 04 April 2025
Fact-checked


Need to know

  • At least five superannuation funds have been targeted in a data breach
  • The government's Scams Prevention Framework (SPF) requires banks, telcos and social media platforms to protect Australians from scams, but the super industry is exempt
  • Australians are urged to log in to their super account to check details are correct and report any unusual emails or text messages from their fund 

Members of the super funds Australian Retirement Trust, AustralianSuper, Hostplus, Rest, Insignia and possibly others will not be having a relaxing weekend.

The major funds recently suffered a cyber attack from criminals who reportedly had familiarity with the Australian super system.

Passwords were apparently harvested from the dark web, and the latest media reports suggest that only AustralianSuper members have so far been hit with fraudulent withdrawals.

The question for affected super members – as well as for the industry as a whole – is which anti-scam protections were in place, and why didn’t they work?

Cyberattack 'shocking and unsettling'

The government's recently passed Scams Prevention Framework (SPF) requires banks, telcos and social media platforms to meet new obligations to protect Australians from scams, or risk fines of up to $50 million.

But the legislation doesn't apply to superannuation funds. Recent cyber attacks on a number of major funds show why this needs to change.

"Reports of this cyberattack on at least five big super funds are shocking and unsettling," says Super Consumers Australia CEO Xavier O'Halloran. "This is people's financial future at risk. And the details and extent of this attack are still emerging."


The breach follows continual warnings from regulators and consumer advocates that the super sector as a whole is falling behind on cyber-resilience and scam protections. 

As Australians are legally required to put their money into super, this can't be a good thing.

"Today's news is chilling when we know super funds aren't doing enough to protect Australians' retirement savings," O'Halloran says. 

"We're calling on the next Government to urgently extend the new protections to safeguard Australians' retirement savings against fraudsters, scammers and cybercriminals."

The affected funds have reportedly been working with the National Cyber Security Co-ordinator to figure out just how big this hack is. 

What to do if you're concerned your super may be affected

If you're concerned about today's news, Super Consumers Australia has this advice:

  • If possible, log in to your super account to check your details are correct and change your password.
  • Watch out for communications from your super fund.
  • Contact your super fund if you see any unusual activity; for example, SMSs or emails about transactions or changes that you have not requested. 
