Can I recover funds stolen from super account in breach?

Can I recover funds stolen from my superannuation account due to a data breach?#

Yes, in some cases you may be able to recover stolen funds from your superannuation account after a data breach - but it's not guaranteed. Your ability to get reimbursed depends on the super fund’s internal policies, the speed of your response and the specific circumstances of the attack. Funds like AustralianSuper are assisting authorities with investigations, but have not committed to automatic compensation for affected members.

What influences your chances of recovery:#

• Timely reporting to your fund and relevant authorities
• Proof that you didn’t share or mishandle your credentials
• Whether the breach was on your side (credential reuse) or the fund's system
• Existing fund policies on fraud remediation

If your account was compromised, you should contact your fund immediately, file a formal complaint, and request remediation options. Some users may recover losses through insurance or legal claims, but past cases show mixed outcomes.

---

What Happens After Funds Are Stolen?#

When funds are illegally withdrawn, super funds typically:

• Lock the affected account
• Initiate a forensic investigation
• Notify the user and regulators
• Work with banks and law enforcement to trace the funds

AustralianSuper, for instance, is assisting with the recovery of $500,000 stolen from four members but hasn't publicly confirmed whether those members will receive full compensation.

Can You Get Your Money Back?#

It depends. Here’s what the outcome often hinges on:

• If your password was reused across platforms and stolen in a prior breach, some funds may argue the breach occurred due to poor password hygiene.
• If multi-factor authentication was not enabled where available, this might weaken your claim.
• If the breach occurred due to a failure on the fund’s side, there’s a higher chance of full reimbursement.

Real-World Examples#

In 2020, an Australian retiree lost $180,000 to scammers and only recovered one-third of the amount after a four-year legal battle.. Legal costs often exceed the recovered sum, and results vary significantly depending on evidence and legal representation.

What You Should Do Right Away#

1. Report the breach to your fund immediately
2. Request a fraud investigation and inquire about reimbursement
3. Document everything (login history, email alerts, fund communication)
4. Report to external bodies like:
   • IDCARE (identity theft support service)
   • Scamwatch (to log the incident)
   • AFCA (Australian Financial Complaints Authority) for dispute resolution

---

Read the full article#

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →