Have you checked your superannuation account lately?
The cyberattack on Australian superannuation funds wasn’t just another breach; it was an assault on Australia’s financial security. Over 10,000 accounts were compromised, personal details manipulated, and members left shocked to find their retirement savings (some may call them life savings) instantly wiped to $0.
How Did This Happen?
The simple truth: our cybersecurity standards are slipping, and they’re not keeping pace with evolving threats. Superannuation funds hold billions of dollars and the trust of millions of Australians, yet many are still operating with weaker protections than our banks.
That needs to change. Now.
What Superannuation Funds Must Do Next
In keeping with their Cybersecurity Incident Response Plans, super funds need to take the following actions next:
1) Act Fast to Contain and Respond
Time is critical during a breach. Move quickly to contain the incident and bring in forensic cybersecurity experts to assess what happened and stop things from getting worse.
2) Be Open and Honest
One key lesson from the Optus breach: communication matters. Let affected members know right away. Be clear, upfront, and accurate about what happened, what it means for them, and what’s being done to fix it.
3) Strengthen Your Defenses
Super funds hit by a breach need to take a hard look at their current security setup. That means tightening access controls, improving how identities are verified, and putting real-time monitoring in place—with help from experienced incident response teams.
4) Work Together, Share What You Know
Threats aren’t going away, so it’s vital to collaborate. Get involved in government-backed threat intelligence-sharing groups or strengthen your current participation. The more we share, the better prepared we all are.
If you’re affected, here’s what you can do right now:
1) Contact Your Super Fund Immediately
Clarify the impact on your account and demand detailed information about the steps they’re taking to protect your savings.
2) Update All Passwords and Security Details
Change your passwords and security questions across your financial accounts, emails, and other important platforms. If you’ve reused passwords (for example, your super and banking passwords are identical), change them immediately.
3) Enable Multi-Factor Authentication (MFA)
MFA significantly enhances your account security. Activate it wherever possible, particularly for your financial and email accounts.
4) Monitor Your Credit Report and Financial Statements
Regularly check for unusual activity or transactions. Contact your bank and credit reporting agencies if anything seems suspicious.
5) Report Incidents to Authorities
Report any suspicious activity immediately to authorities like the police or the Australian Cyber Security Centre (ACSC). Remain vigilant and on high alert over the next few months.
Your retirement savings deserve more than lip service—they deserve real, robust cybersecurity measures.
If you are impacted, we’re keen to hear how you are coping.