Cybercriminals Attack Major Australian Super Funds

AustralianSuper reported 600 members’ passwords were stolen and money was taken from four accounts.



Cybercriminals attempted to breach the systems of several superannuation funds over the weekend and, although most attacks were repelled, thousands have been affected.

AustralianSuper Friday confirmed that cyber criminals took a combined A$500,000 ($305,570) from four members’ accounts, Bloomberg News reported. 

AustralianSuper reported that it is “experiencing a high volume of traffic to our call center, member online accounts and mobile app that is causing intermittent outages. Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure.”

“This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud,” said AustralianSuper Chief Member Officer Rose Kerlin, in a statement Friday. “While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”


Other superannuation funds, including Rest, an industry super fund; Australian Retirement Trust, the second-largest fund in Australia; and Insignia Financial also experienced suspicious activity, according to published reports.

Rest said fewer than 1% of its members have been affected by unauthorized activity on its online Member Access portal over the weekend. Reports suggest the incident may have compromised the details of up to 8,000 members.

A statement from Rest CEO Vicki Doyle said the fund responded immediately by shutting down the member access portal, undertaking investigations, and launching its cyber security incident response protocol.

Nevertheless, she said this will be “very concerning” for impacted members, adding the fund is “very sorry this has happened.”

“We’re in the process of contacting impacted members to work through what this means for them and provide support. No member funds were transferred out of impacted members’ accounts due to these unauthorized access attempts,” she said.

Rest said some members may have had limited personal information accessed and that it will continue to update affected individuals and assist them with taking further steps to protect their accounts.

AustralianSuper also confirmed that over the past week it’s seen a spike in suspicious activity across its member portal and mobile app.

AustralianSuper’s Kerlin said the fund has identified that cybercriminals may have used up to 600 members’ stolen passwords to log in to their accounts in attempts to commit fraud.

Australian Retirement Trust also confirmed that its digital security system identified unusual login activity and that impacted accounts were locked as a precaution.

A spokesperson said the fund has not identified any suspicious transactions or modifications regarding these accounts.

ART did not respond to a request from Financial Standard to confirm the number of affected accounts.

Insignia Financial, meanwhile, said it detected suspicious activity involving an unusual number of login attempts targeted at its Expand Wrap Platform.

Insignia said investigations are ongoing but that it has not observed similar activity on other customer-facing platforms.

Liz McCarthy, chief executive of super provider MLC Expand, said suspicious activity has been detected on around 100 Expand Wrap Platform customers’ accounts, adding that there’s been no financial impact at this stage.

“Our Cyber Security team are actively working to apply additional monitoring and mitigations to protect customer accounts. As a precaution we’ve taken steps to restrict some activities on the Expand Platform. We’re communicating with impacted customers and their advisers and will continue to keep them updated,” McCarthy said.

Hostplus, Australia’s fourth-largest superannuation fund, which has also reportedly been attacked, said it was aware of a cyber incident involving parts of the superannuation industry and acknowledged the situation may be concerning to some members.

“We’re actively investigating the situation to determine the facts and the extent of any impact to Hostplus. Whilst the investigation remains ongoing, we can confirm that no Hostplus member losses have occurred,” a spokesperson said.

“Our top priority is the security and privacy of our members and their accounts, and we’re taking all necessary measures to protect our systems and data.”

Hostplus said it will provide further information as it becomes available.

Some large superannuation funds appear to have avoided the impact from the broader cybersecurity incident.

AMP said it was aware of the incident affecting several funds and that it was monitoring developments closely. So far, it added, there’s no evidence of any breach or unauthorized activity on its systems.

“We’ll continue to closely look at all activity across our systems through our 24/7 monitoring capabilities and remain vigilant,” a spokesperson said.

Likewise, Cbus, the construction and building unions superannuation fund, said, at this stage, there is no evidence its members have been impacted.

Aware Super, UniSuper, and Colonial First State also have not been affected, according to Financial Standard reporting.

The Association of Australian Super Funds said retirement savers should be assured super funds and their service providers have rigorous cyber protections in place.

“In a rapidly evolving threat landscape there’ll always be new and emerging risks, but Australia’s super sector is proactively working together to improve system-wide defenses…” ASFA said in a statement.

A version of this article originally appeared in sister publication, Financial Standard, which, like CIO, is owned by ISS STOXX.


AIMCo Achieves 12.3% Return in 2024

The Alberta pension manager, with assets rising to $127.7 billion by the end of the year, endured a leadership change forced by the provincial government last November.



The Alberta Investment Management Co., an entity which invests for multiple pension funds, endowments, government and insurance funds in Canada’s province of Alberta, announced a 12.3% total fund return for 2024, slightly underperforming its benchmark by eight basis points.

Assets of the fund rose to C$179.8 billion ($127.71 billion) at the end of 2024, rising by C$15.1 billion over the previous year.  

Equities, unsurprisingly, were the fund’s best-performing assets. The asset class returned 24.7%, followed by infrastructure (12.0%), private equity (11.8%), money market and fixed income (4.6%) and renewable resources (1.9%). Real estate had a 2% loss.

The fund announced annualized four- and 10-year returns of 7.4% and 6.9%, respectively.  


The returns mostly came under previous leadership, as a November 2024 reshuffle of AIMCo leadership and priorities saw the government of Alberta push out longtime AIMCo CEO Evan Siddall and fire multiple senior staffers and the fund’s board, over complaints of rising fees. 

Ray Gilmour remains the interim CEO, while former Canadian Prime Minister Stephen Harper is now the board’s chairman. Since the shuffle, the fund has closed its offices in New York City and Singapore, reversing a trend of global expansion under Siddall. The fund still has offices in Edmonton, Calgary, Toronto, London and Luxembourg. 
