A handful of Australians are among a group of additional victims of a cyber attack where criminals stole a quarter of a million dollars from their retirement nest eggs.
A superannuation fund had identified a small number of additional members who had been impacted in the mass cyber attack, the National Cyber Security Coordinator said on April 11.
“The funds are continuing to work with the financial regulators on steps to enhance their cyber security settings,” Lieutenant General Michelle McGuinness said.
AustralianSuper has confirmed a total of 10 members had a combined $750,000 (US$472,000) transferred out of their accounts.
This was up from the previously revealed four victims who lost half a million dollars.
The super fund said the members were fully reimbursed this week and have been offered expert and independent support.
Its chief member officer Rose Kerlin has also spoken directly to several of those impacted.
“AustralianSuper’s systems remained secure in this incident, but we acknowledge the distress it has caused and thank members for their ongoing patience as we continue to work directly with those affected,” the fund said in a statement.
Thousands of superannuation accounts across multiple funds, including Hostplus, Rest, AustralianSuper, Insignia Financial, and Australian Retirement Trust, were targeted in March in a coordinated attack.
Superannuation funds manage more than $4.1 trillion (US$2.6 trillion) in assets on behalf of around 17 million Australians according to the Association of Superannuation Funds of Australia.
AustralianSuper, which is the nation’s biggest fund, said hackers allegedly sought lump sum withdrawals from up to 600 accounts.
Its more than 3.4 million members subsequently struggled to log in amid high call-centre traffic and intermittent outages to online services, as the fund assured customers who saw $0 in their balance it was a temporary glitch.
Rest and Australian Retirement Trust confirmed its members were not financially affected in the latest update.
Funds have urged members to check for signs of fraud, ensure banking and contact details are correct, and change passwords if they are not unique to their account.
