Super fund cyberattack: Things you should know
A calm and fact-filled insight into what is really happening so you can react appropriately.
At around 1:45pm today, several Australian superannuation funds confirmed they had been targeted by what appears to be a co-ordinated cyberattack. Media alerts lit up across the country — and understandably, members are concerned. Many are rushing to check their super balances, including many who are logging in for the very first time.
While the timing of the announcements might suggest a recent incident, conversations with media representatives from the funds reveal the attacks have been occurring over several weeks, not just in the last day or two.
Which funds are affected?
Media reports and direct confirmations indicate that AustralianSuper, Insignia, REST, Hostplus, and ART (Australian Retirement Trust) have all been affected.
Each of these funds is urging members to log in and check their superannuation accounts, including:
Verifying account balances
Reviewing linked bank accounts
Confirming that no account details have been changed
Important note: this is creating massive traffic and massive delays on websites and web infrastructure.
‼️ Massive traffic, massive delays ‼️
This advice has created a wave of pressure on super fund websites across the country. Many funds rely on shared secure infrastructure, and the volume of concerned members trying to access their online portals has been overwhelming.
Thousands of members are now reporting:
Inability to log in
Error messages or zero balances showing (a display problem that occurs when the website's front end cannot retrieve data from the back end, not a change to the underlying account)
Login pages timing out completely
I contacted several funds directly, and the consistent message is this: the traffic from concerned members is crashing servers, not the cyberattack itself. Funds are asking members to remain patient, and to understand that website outages are largely due to volume, not system compromise.
Who is most at risk?
Importantly, the only members currently at risk of money being withdrawn are retirees or those who have unrestricted access to their super accounts. For most members—especially those still working—there’s no facility in place for lump sum withdrawals, which means the risk of actual funds being stolen is very low.
What are the funds saying?
From what I’ve been told by two of Australia’s largest funds, the scale of the attack is limited, and they believe it has been largely contained. We are still awaiting public statements from some of the other funds. ART says they have contacted ALL members affected.
Here’s what we know so far:
AUSTRALIAN SUPER
Around 500 accounts have had details changed
Only 4 accounts have reported actual financial losses
The total value of funds withdrawn: around $500,000
ART (Australian Retirement Trust)
Two waves of attempted attacks
Up to 8,000 accounts were targeted
No money has been withdrawn
ART has emphasised that their security systems triggered early and effectively stopped funds from being accessed.
HOSTPLUS
“We are actively investigating the situation to determine the facts and the extent of any impact to Hostplus. Whilst the investigation remains ongoing, we can confirm that no Hostplus member losses have occurred.”
What should you do?
If you're a member of one of the affected funds:
Try logging in when website traffic is lower (outside peak hours)
Check your account details and linked bank accounts
Contact your fund directly if you see anything unusual
Above all—stay calm. The situation is being monitored closely, and the funds are working hard to keep accounts secure. For most members, the risk remains low.
It is ridiculous that we should accept that any individual can lose their money because of a back door cyber attack on super funds. Any losses should be shared as they are not the fault of the individual user in any way. Our money is not stored away in 1 million separate safe deposit boxes which can be stolen. It is pooled into investments in shares or other things and our own accounts are just a number indicating how much of it is ours. A thief breaking in the door and changing that number should not really be taking our money but the super fund's money.
Apart from that, the super funds have sat on this knowledge for at least a few weeks preparing all their marketing messages together and the rest before announcing that people should check their accounts to see if anything has been changed. My wife is with Aware Super and on the day of the announcement they introduced two-factor authentication for the first time (i.e. log on with a phone number check as well). Rolling out software changes takes time, to develop, test on Chrome, Edge, Safari, iPhone, Windows etc. with valid, invalid, international phone numbers etc. So they have all prepared for a long time before telling us to check.
I find it amazing that I haven't had access to my super account for several days. I don't think my account was hacked, but I can't be certain. I would also like to go in and change my investment choices, before the share market dives any further and there are more losses to my balance. I know we're told to hold things steady, but I'm on the verge of retirement and I don't want to have so much held in shares in this trade war market.
AustralianSuper has a message on their site that the site is down and they're working on things, but there's no time given for when it will be up or any communications being sent out. I tried calling; it was hopeless. I don't think this would be tolerated if banks just locked people out of their bank accounts because of high volumes, but with super funds it's somehow OK even though they're holding huge amounts of people's life savings. These super funds have had it too easy.