Several of Australia’s largest super funds, including Australiansuper, Rest and Badge, have been beaten by a cyber attack, with stolen passwords used to aim at the accounts of the members.
The Ntional cyber security coordinator, Lieutenant General Michelle McGuinness, confirmed that the federal authorities were aware of the violation.
“I am aware that cybercriminals are pointing to individual account holders of several retirement funds,” said Lieutenant General McGuinness.
“I am coordinating the commitment throughout the Australian government, even with the regulators of the financial system and with the stakeholders of the industry to provide cyber security advice.
“If you have been affected or worried, it may have been affected, follow the council provided by its super background.”
9News has confirmed that at least four Australian clients have had stolen funds in the attack, with losses that are believed to be in the “low hundreds of thousands.”
Australiansuper member director Rose Kerlin said the fund had seen an increase in suspicious activities in the last week.
“During the past week, we have seen an increase in suspicious activities in our member portal and a mobile application and urged members to take measures to protect themselves online,” Kerlin said.
“This week we identify that cybercriminals may have used up to 600 stolen passwords of members to log in to their accounts in attempts to commit fraud,” he said.
“While we take immediate measures to block these accounts and let those members know.”
The fund, which has $ 360 billion assets, encouraged its members to log in to their account to verify that their bank account and contact data were correct.
Financial Baddial said they were aware of a “malicious third party” who tried to access the accounts of their members.
“This activity, known as the credential fillings, implied an unusual number of login attempts aimed at the Financial Expansion Platform,” said a fund spokesman.
Credential filling refers to a kind of cyber attack where criminals use stolen passwords and email addresses to make repeated attempts to log in to private systems.
Rest Super also said they had been attacked, but said they had not retired the funds from any member.
“No members of members were transferred from the accounts of the impacted members due to these unauthorized access attempts,” said Rest executive director Vicki Doyle.
The full scale of the violation is not yet known, but it is believed that multiple super funds have been affected by data violations.
