At least five superannuation funds have been targeted in a data breach
The government's Scams Prevention Framework (SPF) requires banks, telcos and social media platforms to protect Australians from scams, but the super industry is exempt
Australians are urged to log in to their super account to check details are correct and report any unusual emails or text messages from their fund
Members of the super funds Australian Retirement Trust, Australian Super, Hostplus, Rest, Insignia and possibly others will not be having a relaxing weekend.
The major funds recently suffered a cyber attack from criminals who reportedly had familiarity with the Australian super system.
Passwords were apparently harvested from the dark web, and the latest media reports suggest that only AustralianSuper members have so far been hit with fraudulent withdrawals.
The question for affected super members – as well as for the industry as a whole – is which anti-scam protections were in place, and why didn’t they work?
The recent passage of the government’s Scams Prevention Framework (SPF) requires banks, telcos and social media platforms to meet new obligations to protect Australians from scams, or risk fines of up to $50 million.
But the legislation doesn’t apply to superannuation funds. Recent cyber attacks on a number of major funds shows why this needs to change.
“Reports of this cyberattack on at least five big super funds are shocking and unsettling,” says Super Consumers Australia CEO Xavier O’Halloran. “This is people’s financial future at risk. And the details and extent of this attack are still emerging.”
This is people’s financial future at risk. And the details and extent of this attack are still emerging
Super Cnsumers Australia CEO Xavier O'Halloran
The breach follows continual warnings from regulators and consumer advocates that the super sector as a whole is falling behind on cyber-resilience and scam protections.
As Australians are legally required to put their money into super, this can’t be a good thing.
“Today’s news is chilling when we know super funds aren’t doing enough to protect Australians’ retirement savings,” O’Halloran says.
“We’re calling on the next Government to urgently extend the new protections to safeguard Australians’ retirement savings against fraudsters, scammers and cybercriminals.”
The affected funds have reportedly been working with the National Cyber Security Co-ordinator to figure out just how big this hack is.
Andy Kollmorgen is the Investigations editor at CHOICE. He reports on a wide range of issues in the consumer marketplace, with a focus on financial harm to vulnerable people at the hands of corporations and businesses.
Prior to CHOICE, Andy worked at the Australian Securities and Investments Commission (ASIC), and at the Australian Financial Review. Andy is a former member of the NSW Fair Trading Advisory Council.
Andy has a Bachelor of Arts in English from New York University.
Find Andy on Twitter and LinkedIn.
Andy Kollmorgen is the Investigations editor at CHOICE. He reports on a wide range of issues in the consumer marketplace, with a focus on financial harm to vulnerable people at the hands of corporations and businesses.
Prior to CHOICE, Andy worked at the Australian Securities and Investments Commission (ASIC), and at the Australian Financial Review. Andy is a former member of the NSW Fair Trading Advisory Council.
Andy has a Bachelor of Arts in English from New York University.
Find Andy on Twitter and LinkedIn.
For more than 60 years, we've been making a difference for Australian consumers. In that time, we've never taken ads or sponsorship.
Instead we're funded by members who value expert reviews and independent product testing.
With no self-interest behind our advice, you don't just buy smarter, you get the answers that you need.
You know without hesitation what's safe for you and your family. And our recent sunscreens test showed just how important it is to keep business claims in check.
So you'll never be alone when something goes wrong or a business treats you unfairly.
