Hackers have targeted Australia's largest pension funds in coordinated attacks. A report claims that cybercriminals have used this data breach to steal from the members of the biggest funds, affecting the country’s 4.2 trillion Australian dollar ($2.63 trillion) retirement savings sector. The latest hacking incident has reportedly compromised over 20,000 accounts from multiple major pension funds in Australia.
In a statement to the news agency Reuters, National Cyber Security Coordinator Michelle McGuinness has confirmed tracking cybercriminal activities on these accounts. She also noted that a government-led response, involving regulators and industry, is expected soon.
How has this hacking incident affected Australia’s biggest pension funds
According to a report by Reuters, the industry body Association of Superannuation Funds of Australia noted that “a number” of funds were impacted by the latest breach. The report didn’t mention the exact scale of the hacking incident; however, it noted that funds such as AustralianSuper , Australian Retirement Trust, Rest, Insignia and Hostplus have confirmed breaches.
AustralianSuper, managing A$365 billion for 3.5 million members, reported that up to 600 member passwords were stolen. These passwords were used to access accounts and attempt fraud.
"We took immediate action to lock these accounts and let those members know," said Rose Kerlin, AustralianSuper's Chief Member Officer, urging all members to verify their online balances.
The report also claimed that hackers withdrew a total of 500,000 Australia dollars from four accounts and transferred to unauthorised accounts.
Australian Retirement Trust, managing 300 billion Australian dollars for 2.4 million members, detected unusual login activity on several hundred accounts and locked them as a precaution, with no suspicious transactions reported. Meanwhile, Rest Super, which manages A$93 billion for retail workers, confirmed an attack affecting about 20,000 accounts—roughly 1% of its 2 million members.
In a statement to Reuters, Rest CEO Vicki Doyle said: “Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal. We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols.”
Apart from this, Insignia Financial, owner of MLC, also detected suspicious login activity on 100 Expand Wrap Platform accounts, though MLC Expand CEO Liz McCarthy confirmed no financial harm to members. While Hostplus, managing over 1.8 million members and 115 billion Australian dollars in assets, also reported an attack with no member losses, while investigations continue.
In a statement to the news agency Reuters, National Cyber Security Coordinator Michelle McGuinness has confirmed tracking cybercriminal activities on these accounts. She also noted that a government-led response, involving regulators and industry, is expected soon.
How has this hacking incident affected Australia’s biggest pension funds
According to a report by Reuters, the industry body Association of Superannuation Funds of Australia noted that “a number” of funds were impacted by the latest breach. The report didn’t mention the exact scale of the hacking incident; however, it noted that funds such as AustralianSuper , Australian Retirement Trust, Rest, Insignia and Hostplus have confirmed breaches.
AustralianSuper, managing A$365 billion for 3.5 million members, reported that up to 600 member passwords were stolen. These passwords were used to access accounts and attempt fraud.
"We took immediate action to lock these accounts and let those members know," said Rose Kerlin, AustralianSuper's Chief Member Officer, urging all members to verify their online balances.
The report also claimed that hackers withdrew a total of 500,000 Australia dollars from four accounts and transferred to unauthorised accounts.
Australian Retirement Trust, managing 300 billion Australian dollars for 2.4 million members, detected unusual login activity on several hundred accounts and locked them as a precaution, with no suspicious transactions reported. Meanwhile, Rest Super, which manages A$93 billion for retail workers, confirmed an attack affecting about 20,000 accounts—roughly 1% of its 2 million members.
In a statement to Reuters, Rest CEO Vicki Doyle said: “Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal. We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cyber security incident response protocols.”
Apart from this, Insignia Financial, owner of MLC, also detected suspicious login activity on 100 Expand Wrap Platform accounts, though MLC Expand CEO Liz McCarthy confirmed no financial harm to members. While Hostplus, managing over 1.8 million members and 115 billion Australian dollars in assets, also reported an attack with no member losses, while investigations continue.
You may also like
Tsunami warning issued after 6.9-magnitude earthquake strikes Papua New Guinea
Tony's Chocolonely issues urgent Easter egg warning over fears they could contain metal shards
Nutritionist explains how to time your last coffee of the day to get a good night's sleep
Man Utd star Andre Onana's wife 'has 62k bag and Rolex stolen' in horrifying ordeal
Schoolboy, 9, dies after being swept away in floodwater while walking to bus stop
