April 4, 2025 By Sergiu Gatlan
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts.
The Association of Superannuation Funds of Australia (ASFA), Australia's advocacy body for the superannuation industry, said today that "a number of members were affected" even though the "majority of the attempts were repelled."
Reuters has learned from a source familiar with the matter that over 20,000 accounts were breached in this massive wave of attacks targeting Australia's superannuation industry, with some members reportedly losing some of their savings.
Since the weekend attacks, some of the country's largest profit-to-member superannuation funds with millions of members each and managing tens or hundreds of billions—including AustralianSuper, Hostplus, REST and Australian Retirement Trust, and Insignia Financial—confirmed that some of their members' accounts were breached in these attacks.
