Australia is once again being subjected to hostile cyber activities, after media reports emerged of hacking attempts against multiple pension funds.
The Association of Superannuation Funds of Australia (ASFA), the industry body down under, announced that the “ASFA is aware that last weekend hackers attempted to get through the cyber-defences of a number of superannuation funds.”
And the bad news it seems that some of the hacking attempts were successful, with Reuters reporting that four people at number one fund AustralianSuper cumulatively had AU$500,000 (£240,690) withdrawn from their accounts.
Pensions attacked
“While the majority of the attempts were repelled, unfortunately a number of members were affected,” noted the ASFA. “Funds are contacting all affected members to let them know and are helping any whose data has been compromised.”
According to Reuters, over 20,000 accounts have been compromised.
National Cyber Security Coordinator Michelle McGuinness reportedly said in a statement she was aware of “cyber criminals” targeting accounts in the country’s A$4.2 trillion ($2.63 trillion) retirement savings sector and was organising a response across the government, regulators and industry.”
Besides AustralianSuper, Australian Retirement Trust, Rest, Insignia and Hostplus on Friday all reportedly confirmed they suffered breaches.
AustralianSuper, the country’s largest fund managing A$365 billion for 3.5 million members, said that up to 600 member passwords had been stolen to access accounts and attempt fraud, Reuters reported.
“We took immediate action to lock these accounts and let those members know,” AustralianSuper’s Chief Member Officer Rose Kerlin reportedly said, urging all members to check their online balances.
Australian Prime Minister Albanese has reportedly been briefed on the matter.
Australian attacks
Australia has suffered a number of high profile cyber attacks in recent years.
In 2022 the Australian government formed a permanent cybercrime task force to try and tackle criminal and nation-state hacking attempts against the country and its institutions.
Cyberattacks in Australia have previously targetted local telco Optus, which impacted 10 million customers.
Another attack targetted the Australian Department of Defence contractor ForceNet.
Data was stolen from Australian insurer Medibank, which disclosed the identities of hundreds of people who filed claims for mental health-related issues
Responsibility for the Medibank hack was claimed by the REvil gang, which was the subject of mass arrests that forced the gang to suspend operations for a time, before it resumed its activities in mid-2022.