Hackers have launched a series of coordinated cyberattacks targeting Australia’s major pension funds, with some members of the country's largest fund losing significant savings. AustralianSuper, which manages A$365 billion for 3.5 million members, confirmed that up to 600 member passwords had been stolen, allowing attackers to access accounts and commit fraud. As a result, the fund took swift action to lock the affected accounts and notify the impacted members.
According to reports, four AustralianSuper members had a total of A$500,000 stolen from their accounts and transferred to unauthorized third-party accounts. Additionally, over 20,000 accounts are believed to have been compromised in the wider breach, although AustralianSuper has yet to release an official comment beyond its initial statement.
National Cyber Security Coordinator Michelle McGuinness acknowledged that cybercriminals are targeting accounts in Australia’s A$4.2 trillion retirement savings sector. She stated that a coordinated response is underway across government agencies, regulators, and the industry, though the full scope of the attack is still being determined.
Other major funds have also been affected. Australian Retirement Trust, the second-largest fund with A$300 billion in assets, reported detecting “unusual login activity” on several hundred accounts. While there were no unauthorized transactions, the fund proactively locked the affected accounts. Rest Super, which manages A$93 billion for 2 million retail workers, said around 20,000 member accounts—about 1% of its membership—were impacted by an attack over the weekend of March 29–30, 2025. CEO Vicki Doyle said the company responded immediately by disabling the Member Access portal and activating its cybersecurity protocols.
Insignia Financial, with A$327 billion under management, also experienced an attempted breach on its Expand platform. The company said no financial losses had occurred, but it is continuing to monitor the situation. Similarly, Hostplus, which manages A$115 billion for 1.8 million members, confirmed a cyberattack, stating that no member funds were lost, although the full extent of the breach remains under investigation.
Prime Minister Anthony Albanese acknowledged the hacks and promised a "considered" government response. He emphasized that cyberattacks have become a frequent issue in Australia, occurring roughly every six minutes. The country has faced several high-profile breaches in recent years, including those affecting St Vincent’s Health, Medibank, and Optus.
To bolster national cybersecurity, the Australian government committed A$587 million in 2023 toward a seven-year strategy aimed at strengthening protections for citizens, businesses, and public agencies.