Australian superannuation fund providers were targeted en masse last weekend, with as many as 20,000 customer accounts reportedly hijacked in what appears to have been a credential stuffing raid.
Industry body the Association of Superannuation Funds of Australia (ASFA) revealed in a statement on Friday that hackers had targeted “a number of funds” the weekend before.
“While the majority of the attempts were repelled, unfortunately a number of members were affected. Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” it added.
“Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place.”
Local news reports suggested tens of thousands of accounts may have been compromised, with as much as $500,000 drained from them.
AustralianSuper is the country’s largest fund, worth around AU$365bn ($219bn) and used by some 3.5 million members. It revealed in a statement on Friday that 600 of these members were impacted by cyber-attacks.
“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app and we are urging members to take steps to protect themselves online,” AustralianSuper chief member officer, Rose Kerlin, said.
“This week we identified that cybercriminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud. While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”
Rest Super, which manages around AU$93bn ($56bn), said around 8,000 members had “some limited personal details accessed” including first name, email address and member identification number. However, it claimed none of these victims’ funds were impacted.
Insignia Financial cited credential stuffing, in which attackers replay username and password pairs leaked from unrelated breaches against a login page to find customers who reused them, as the cause of the attacks.
“We detected suspicious activity on around 100 Expand Wrap Platform customers’ accounts and at this stage there has been no financial impact to customers,” its CEO, Liz McCarthy, explained.
“Our cybersecurity team are actively working to apply additional monitoring and mitigations to protect customer accounts. As a precaution we have taken steps to restrict some activities on the Expand Platform.”
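The pattern the funds describe, a spike in suspicious logins across many member accounts using passwords stolen elsewhere, has a distinctive signature in authentication logs: a small number of source IPs each touching many distinct usernames, roughly one attempt per account, with a low success rate. The script below is an added example, not code from Insignia, AustralianSuper or any other fund named in the article; the log format, the thresholds and the sample lines are all constructed for illustration. It scores each source IP on distinct accounts tried and failure rate, and then lists the accounts that were successfully logged into from a flagged IP, which are the ones to lock and notify.

```python
"""Credential-stuffing detection over authentication logs (added example).

A stuffing run tries one leaked password per account across many accounts,
so it appears as a few IPs hitting many usernames with a low success rate.
A legitimate user, or a user behind a shared NAT, touches few accounts and
mostly succeeds; a brute-force attack hammers one account repeatedly.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines in a hypothetical "timestamp ip user result" format.
SAMPLE_LOG = """\
2025-03-29T02:00:01Z 203.0.113.10 m10001 FAIL
2025-03-29T02:00:01Z 203.0.113.10 m10002 FAIL
2025-03-29T02:00:02Z 203.0.113.10 m10003 SUCCESS
2025-03-29T02:00:02Z 203.0.113.10 m10004 FAIL
2025-03-29T02:00:03Z 203.0.113.10 m10005 FAIL
2025-03-29T02:00:03Z 203.0.113.10 m10006 FAIL
2025-03-29T02:00:04Z 203.0.113.10 m10007 FAIL
2025-03-29T02:00:04Z 203.0.113.10 m10008 FAIL
2025-03-29T02:00:05Z 203.0.113.10 m10009 FAIL
2025-03-29T02:00:05Z 203.0.113.10 m10010 SUCCESS
2025-03-29T02:01:00Z 198.51.100.7 m20001 FAIL
2025-03-29T02:01:05Z 198.51.100.7 m20001 FAIL
2025-03-29T02:01:09Z 198.51.100.7 m20001 SUCCESS
2025-03-29T02:02:00Z 192.0.2.44 m30001 SUCCESS
2025-03-29T02:02:30Z 192.0.2.44 m30002 SUCCESS
"""


@dataclass
class IpStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)
    successful_users: set = field(default_factory=set)


def parse_log(text):
    """Yield (ip, user, ok) tuples; skip malformed lines instead of crashing."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, ip, user, result = parts
        yield ip, user, result == "SUCCESS"


def aggregate(events):
    """Collect per-source-IP attempt, failure and distinct-user counts."""
    stats = defaultdict(IpStats)
    for ip, user, ok in events:
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.successful_users.add(user)
        else:
            s.failures += 1
    return stats


def flag_stuffing(stats, min_users=5, min_fail_rate=0.6):
    """Return the IPs whose pattern matches credential stuffing.

    Both thresholds are illustrative assumptions; tune them against a
    baseline of legitimate traffic (large shared NATs push min_users up).
    """
    flagged = {}
    for ip, s in stats.items():
        fail_rate = s.failures / s.attempts
        # Key discriminator vs brute force: many distinct users, roughly one
        # attempt each, rather than many attempts against one user.
        if len(s.users) >= min_users and fail_rate >= min_fail_rate:
            flagged[ip] = s
    return flagged


def accounts_to_lock(flagged):
    """Accounts with a successful login from a flagged IP. Their reused
    password is now confirmed valid to the attacker and must be reset."""
    return sorted(u for s in flagged.values() for u in s.successful_users)


def analyse(log_text):
    """Return (sorted flagged IPs, sorted accounts to lock) for a log."""
    stats = aggregate(parse_log(log_text))
    flagged = flag_stuffing(stats)
    return sorted(flagged), accounts_to_lock(flagged)


if __name__ == "__main__":
    ips, users = analyse(SAMPLE_LOG)
    print("stuffing sources:", ips)
    print("accounts to lock and notify:", users)
```

On the constructed sample, only 203.0.113.10 is flagged (ten distinct members, 80% failure rate); 198.51.100.7 retries a single account and 192.0.2.44 succeeds on two, so neither matches the stuffing profile. The two members who were successfully logged into from the flagged IP are the ones whose accounts should be locked and whose passwords should be reset, since a valid login confirms the leaked credential.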
Superannuation funds are more commonly known as “pension” schemes in the UK and “defined-benefit” or “defined-contribution plans” in the US.