Australian pension funds slammed for ‘absolute incompetence’ in wake of cyber attacks


Hackers have targeted the Association of Superannuation Funds of Australia (ASFA), compromising data and leaving several member companies out of pocket.

While most of the attackers’ attempts to breach a number of superannuation funds were unsuccessful, several companies were affected and are said to have lost around $500,000 between them in what’s believed to have been a credential stuffing attack.

“Funds are contacting all affected members to let them know and are helping any whose data has been compromised,” said ASFA. “Retirement savers should be assured superannuation funds and their service providers already have rigorous cyber protections in place.”

AustralianSuper, Australian Retirement Trust, Rest, Insignia, and Hostplus are all believed to have been affected.

AustralianSuper – the country’s largest fund, worth around $219 billion and with about 3.5 million members – said that 600 of these members have been hit by cyber attacks.

Insignia, meanwhile, said it detected suspicious activity on around 100 Expand Wrap Platform customers’ accounts, but with no financial impact.

“Our Cyber Security team are actively working to apply additional monitoring and mitigations to protect customer accounts. As a precaution we have taken steps to restrict some activities on the Expand Platform,” said the company’s Liz McCarthy, CEO of MLC Expand.

“Some customers will receive communications prompting them to reset their passwords when they next log in to their accounts.”

ASFA said the sector has been working to improve system-wide defences, including through the ASFA Financial Crime Protection Initiative (FCPI).

A hotline has been established between the superannuation sector, relevant government agencies, and related financial services bodies, with commitments to enhance information sharing and the development of industry-wide frameworks to combat financial and cyber crime.

Sharp criticism

However, Super Consumers Australia chief executive Xavier O’Halloran said in a LinkedIn post that the attacks demonstrate ‘absolute incompetence’ by the industry.

The consumer advocacy organization audited the super funds and said it warned ASFA/The Voice of Super, Super Members Council (SMC), and Financial Services Council (FSC) of just this type of vulnerability back in 2023.

“My colleagues and I have been sitting in countless meetings with these lobbyists for the last two years calling on the industry to take collective action to combat this threat. The Financial Services Council offered to take coordinated action, but was rejected by ASFA and the SMC,” he said.

“To the FSC’s credit, it implemented a mandatory standard anyway to assist with the rollout of improved multifactor authentication across its member funds, but of course cannot bind the rest of the industry.”

Australia’s National Cyber Crime Coordinator Michelle McGuinness said she was working with agencies across the government, including the financial system regulators, and with industry stakeholders to coordinate a government response.

“Super fund members should follow the advice of their superannuation funds: check your accounts, remain engaged with your funds if you are concerned you have been impacted, and be vigilant of potential fraud,” she said.
