Cybercriminals are trying to loot Australian pension accounts in new campaign

Hackers are attempting to steal pension savings from a wide range of employee investment funds in Australia, an industry body warned on Friday.

The Association of Superannuation Funds of Australia (ASFA) stated it was “aware that last weekend hackers attempted to get through the cyber-defences of a number of superannuation funds.”

Superannuation funds in Australia are a savings system where part of employees’ wages are compulsorily placed in an investment fund, a system formally introduced by the government in the 1990s to reduce dependence on publicly-funded pensions.

“While the majority of the attempts were repelled, unfortunately a number of members were affected. Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” ASFA said.

One such affected fund, AustralianSuper, confirmed to The Guardian newspaper that a combined AU$500,000 ($305,000) was successfully extracted from the accounts of four of its members. The company says it manages more than AU$365 billion (more than $223 billion) in total on behalf of more than 3.5 million members.

On its website, AustralianSuper confirmed stolen passwords were used to access the accounts of 600 members. The company’s media team did not immediately respond to a question about whether it required multifactor authentication from customers to access their accounts and transfer funds.

Rose Kerlin, the company’s chief member officer, said AustralianSuper took immediate action to lock the affected accounts and inform the members who owned them.

The company’s site warns visitors it is experiencing a high volume of traffic to its call center and online accounts, causing intermittent outages.

“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” the company attempted to reassure customers.

No other funds have yet confirmed whether members’ savings were compromised in the campaign. 

Australia Prime Minister Anthony Albanese said on Friday he had been informed about the hacking campaign and the government would “respond in time” and was “considering what has occurred.”

“Bear in mind the context here. There is a cyberattack in Australia roughly every six minutes. This is a regular issue,” he said.