Hackers have attacked five top super funds after a cache of passwords was stolen – with some customers losing money and others unable to access their accounts.
‘s biggest super fund, the union-backed industry giant nSuper, was among those targeted on Friday afternoon.
The fund’s chief member officer Rose Kerlin has advised members to check their accounts after 600 passwords were stolen.
‘We are highlighting this event to make sure members are alert and take all possible precautions to protect their retirement savings,’ she said.
‘If members’ details are correct, they don’t need to call us.’
Industry super funds n Retirement Trust incorporating QSuper and Sunsuper, REST and Hostplus have also been affected along with Insignia Financial, which owns the MLC retail super fund.
Some nSuper members were unable to log into their accounts on Friday afternoon with a red alert message.
‘Sorry, our service is currently not available. Please try again later,’ it said.
The cyber breach is understood to affect 8,000 accounts of nSuper’s 3.5million members.
‘Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app and we are urging members to take steps to protect themselves online,’ Ms Kerlin said.
‘This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud.
‘While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.’
But an nSuper member told Daily Mail she had alerted her super fund in late February.
‘I phoned n Super on the 27 February 2025, telling them when I logged into my account, the balance was zero,’ she said.
‘They said its probably an upgrade and to wait and re-log on. I tried that, same thing, zero balance.
‘I rang multiple times after that, and was told, the problem was being fixed by the IT department. So it’s not just in the past week.’
MLC Expand chief executive Liz McCarthy told the n Securities Exchange a malicious third party had engaged in ‘credential stuffing’ where a hacker collects user names and emails.
‘We detected suspicious activity on around 100 Expand Wrap Platform customers’ accounts and at this stage there has been no financial impact to customers,’ she said late on Friday afternoon.
‘As a precaution we have taken steps to restrict some activities on the Expand Platform.
‘Some customers will receive communications prompting them to reset their passwords when they next login to their accounts.’
REST chief executive Vicki Doyle the super fund noticed unauthorised activity during the last weekend of March and responded by shutting down the member access portal.
‘No member funds were transferred out of impacted members’ accounts due to these unauthorised access attempts,’ she said.
A Hostplus spokesman said no funds had been stolen.
‘Whilst the investigation remains ongoing, we can confirm that no Hostplus member losses have occurred,’ he said.
An n Retirement Trust spokesman said it was able to stop suspicious transactions.
‘We can confirm our digital security system identified unusual login activity and that impacted accounts were locked as a precaution, and members and regulators were notified,’ he said.
‘We have not identified any suspicious transactions or modifications regarding these accounts.’
Prime Minister Anthony Albanese on Friday downplayed the cyber attack on Friday.
‘I have been informed about that. We will respond in time. We’re considering what has occurred,’ he told reporters in western Sydney.
‘We’re considering what has occurred, but bear in mind the context here. There is an attack, a cyberattack in about every six minutes. This is a regular issue.’
But Super Consumers chief executive Xavier O’Halloran said the latest cyber attack showed the superannuation sector lacked proper safeguards.
‘Reports of this cyber attack on at least five big super funds are shocking and unsettling,’ he said.
‘This is people’s financial future at risk. And the details and extent of this attack are still emerging.
‘We’re calling on the next government to urgently extend the new protections to safeguard ns’ retirement savings against fraudsters, scammers and cybercriminals.’
Compulsory super contributions from employers are now at 11.5 per cent, rising to 12 per cent on July 1.
‘ns are legally required to put their money into super. Today’s news is chilling when we know super funds aren’t doing enough to protect ns’ retirement savings,’ Mr O’Halloran said.
nSuper, a union-backed industry super fund, said it had been working with the n Signals Directorate and the National Office of Cyber Security to resolve the issue.
It is urging all members to log on to their account to check their bank account and contact details are correct and ensure they have a strong password that hasn’t been used for other sites.
But it confirmed call volumes were at high levels among affected super fund members.
‘Call volumes are high so if members can’t get through quickly, they can choose to receive a call back,’ it said.
nSuper manages $365billion in retirement savings, making it the biggest player in ‘s $4.2trillion superannuation sector.
The fund, with members from 474,200 employers, has a board which includes ACTU president Michele O’Neil and n Manufacturing Workers Union national president Glenn Thompson.
nSuper members are urged to call 1300 300 273 if they are affected