Australia’s largest retirement fund, AustralianSuper, has confirmed it was hit with over 600 attempted cyber attacks in the past month, with four of its members losing a combined total of $500,000 from their retirement savings.
The unprecedented breach comes amid growing cyber threats across the financial sector. Other major funds, including Rest, Hostplus, Insignia, and Australian Retirement Trust, were also affected—though to date, none of their members have reported financial losses.
Account access issues and $0 balances spark panic
Reports of locked accounts, app outages, and visible $0 balances have sent shockwaves through fund members. Dozens of affected Australians told ABC News they were unable to access their super accounts, triggering widespread alarm.
“Very disconcerting to have $0 in your super account on a Friday,” one AustralianSuper member shared.
“We are extremely concerned — we cannot access our accounts online, and there is no contact by phone,” another added.
AustralianSuper responded with a statement confirming “intermittent outages” due to high traffic and said it was working to restore functionality.
READ MORE: Why Millions of Mortgage Borrowers Could Be Sorely Disappointed This Year
“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” the statement read.
Industry and government respond to the threat
The Association of Superannuation Funds of Australia (ASFA) confirmed other funds had also been targeted in recent cyber incidents.
“While the majority of the attempts were repelled, unfortunately a number of members were affected,” said ASFA in a statement.
“Funds are contacting all affected members and assisting anyone whose data may have been compromised.”
Rest acknowledged that some limited personal data may have been accessed, while Hostplus is still investigating the extent of its breach.
Prime Minister addresses growing cyber threat
Prime Minister Anthony Albanese confirmed the federal government is aware of the situation and reiterated the seriousness of the national cyber threat landscape.
“There is a cyber attack in Australia roughly every six minutes. This is a regular issue,” he said.
“We will respond in time. We are considering what has occurred.”
Albanese noted that federal cyber crime funding had been increased following major hacks on Optus, Medibank, and Latitude in the past two years.
The impacted funds are currently coordinating their response with the office of the National Cyber Security Coordinator.
What super fund members should do now
Cyber experts are urging Australians to be cautious and vigilant in the days ahead.
Paul Haskell-Dowland, Professor of Cyber Security Practice at Edith Cowan University, recommends:
- Check your account if accessible, and verify your balance.
- Watch for official communication from your super provider.
- Be alert to phishing attempts, especially unsolicited links and calls pretending to offer help.
- Change your password immediately if instructed by your fund—use a unique, secure password.
Dr Suranga Seneviratne from the University of Sydney warns of a likely increase in scam attempts:
“A cyber attack like this could lead to mass-scale ‘spray and pray’ phishing attacks targeting panicked super fund members,” she said.
“Scammers strike during times of confusion and vulnerability.”
Super Consumers Australia advises reporting any suspicious activity—such as unexpected SMS or email notifications about transactions or changes—to your super fund immediately.
Super funds under pressure
With over 3.5 million members, AustralianSuper alone manages billions of dollars in retirement savings. The latest breach highlights the critical importance of cybersecurity within the superannuation sector, as it faces increasing digital threats.
Australia’s super funds collectively invest around $3.2 billion every week—making them a massive and lucrative target for cyber criminals.
As investigations continue, fund members are being urged to monitor their accounts closely and remain on high alert.
