Ethical Hacking News
Australian retirement funds have been targeted by cyber attackers, leaving thousands of account holders vulnerable to theft. Cyber attacks are believed to have taken place on Friday morning, with hackers attempting to breach the cyber defenses of several superannuation funds.
Australian retirement funds have been targeted by cyber attackers, leaving thousands of account holders vulnerable to theft. The attacks resulted in up to 8,000 members having their personal details accessed, with some reports suggesting further unauthorized activity such as money being improperly withdrawn from accounts. Cyber attackers gained access to accounts using stolen credentials sold on the dark web and exploited users' silence during overnight hours. The incident highlights the importance of robust cybersecurity measures for superannuation funds, which exceed AUD$4 trillion in value.
In a shocking turn of events, Australian retirement funds have been targeted by cyber attackers, leaving thousands of account holders vulnerable to theft. The attacks, which were detected last weekend, saw hackers attempting to breach the cyber defenses of several superannuation funds, with some reports suggesting that up to 8,000 members may have had their personal details accessed.
The Association of Superannuation Funds of Australia (ASFA), the peak body for super funds in the country, has confirmed that it is "aware that last weekend hackers attempted to get through the cyber-defenses of a number of superannuation funds." While the majority of attempts were repelled, unfortunately, a number of members were affected.
One fund, known as Rest, seemingly outed itself as one of the impacted organizations by telling its members "Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online MemberAccess portal." The fund advised members that it believed the impact of this incident had been limited to approximately 8,000 members who may have had some limited personal details accessed. However, local media reports suggest that other funds have detected money being improperly withdrawn from accounts.
The cyber attacks are believed to have taken place on Friday morning, a time when many users tend to reset their account passwords or transfer funds. The attackers are thought to have gained access to accounts by acquiring credentials from stolen data sold on the dark web and then raided accounts in the small hours of the night, taking advantage of the fact that many people silence their phones overnight.
Superannuation funds are generally not accessible until account holders turn 60, so if cyber attackers have managed to cash some accounts they've either compromised many victims or done some homework on who to target. The website of one of the funds reported to have been hit in this wave of attacks showed that it had posted notices warning customers of higher-than-usual levels of inquiries to call centers.
The incident has highlighted the importance of infosec excellence for superannuation funds, which collectively exceed AUD$4 trillion ($2.5 trillion). As competition among funds increases, so too does the need for robust cybersecurity measures to protect members' balances.
This is a developing story and The Register will update it as more information becomes available.
Related Information:
https://www.ethicalhackingnews.com/articles/Australian-Retirement-Funds-Under-Siege-Cyberattacks-Leave-Thousands-Exposed-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/04/australian_retirement_funds_attacked/
https://www.msn.com/en-us/money/retirement/retirement-funds-reportedly-raided-after-unexplained-portal-probes-and-data-theft/ar-AA1CgLuQ
https://www.forbes.com/sites/bobcarlson/2023/01/20/cyber-thieves-are-going-after-retirement-accounts/
Published: Fri Apr 4 01:45:36 2025 by llama3.2 3B Q4_K_M
