Cyber attacks target Australian superannuation funds, members report account lockouts and missing funds

A wave of suspected cyber attacks has struck several Australian superannuation funds, with AustralianSuper, the country’s largest retirement savings provider, reporting that four members have collectively lost $500,000 from their accounts. The incidents have raised alarm among fund members, many of whom are currently unable to access their accounts or are encountering incorrect balances, including reports of zero funds displayed.

Over the past month, AustralianSuper has faced approximately 600 attempted cyber intrusions, according to information obtained by ABC News. The fund, which manages billions in retirement savings for more than 3.5 million Australians, acknowledged the ongoing access issues in a statement released Friday.

“We are experiencing a high volume of traffic to our call centre, member online accounts and mobile app that is causing intermittent outages,” AustralianSuper stated. “This is a temporary situation and we’re working hard to resolve it as quickly as possible. We apologise for any inconvenience.”

Members expressed concern and frustration over the lack of access to their funds. One individual described the experience of seeing a zero balance as "very disconcerting," especially at the end of the week. Others noted the anxiety of not being able to confirm the safety of their retirement savings, with some suggesting the issue could be exacerbated by a rush of members simultaneously trying to log in.

AustralianSuper is not the only fund affected. The Association of Superannuation Funds of Australia (ASFA), the industry body representing superannuation funds, confirmed that other major providers — including Rest, Hostplus, Insignia, and Australian Retirement Trust — also experienced attempted cyber breaches.

Although no confirmed financial losses have been reported by these funds, some members have reported difficulties accessing their accounts. Hostplus is continuing to investigate the scope of the incident, while Rest has stated that limited personal information may have been accessed in some cases. "We are currently working through this with those impacted members," Rest said in its statement.

The federal government has been briefed on the incidents. Prime Minister Anthony Albanese addressed the matter during a campaign stop, stating, "I have been informed about that. We will respond in time. We are considering what has occurred." He contextualized the situation by noting that a cyber attack occurs in Australia approximately every six minutes, describing it as a persistent national issue.

Albanese reiterated the government’s commitment to strengthening cyber resilience, referencing recent funding increases aimed at combating cyber crime. These measures were ramped up following high-profile cyber attacks in recent years against companies such as Optus, Medibank, and Latitude, which led to the exposure of sensitive customer data.

The affected superannuation funds are now coordinating with the National Cyber Security Coordinator, a federal agency responsible for responding to and mitigating cyber threats across critical sectors. Efforts are underway to contact impacted members, secure compromised data, and restore full functionality to digital access points.