Yes, several major Australian superannuation funds were affected by the recent cyberattack. These include AustralianSuper, Australian Retirement Trust, Rest, Hostplus, and Insignia Financial. While not all members experienced financial loss, many accounts were targeted through a method called credential stuffing, where attackers used stolen passwords to attempt unauthorized logins. Some accounts had money stolen - up to $500,000 across four accounts - while others experienced suspicious activity, such as login attempts or personal data exposure.

In early April 2025, cybercriminals launched a coordinated attack on Australian superannuation funds by using previously leaked usernames and passwords found on the dark web. Unlike typical data breaches that involve hacking into a company’s servers, this was a credential stuffing attack, where attackers used already-compromised credentials to log into individual accounts.

Affected funds have confirmed:

AustralianSuper: Confirmed that 600 accounts had login credentials stolen. Four members lost approximately $500,000 in total. Accounts were locked and affected members were notified immediately.
Rest: Detected unauthorized activity affecting around 8,000 members. No financial loss occurred due to the quick shutdown of systems. However, limited personal data (such as names and emails) was accessed.
Insignia Financial: Identified suspicious login attempts through credential stuffing on its Expand platform. Accounts were protected, and no losses were reported.
Australian Retirement Trust: Detected unusual login activity and proactively locked affected accounts. No financial or data compromise has been confirmed so far.
Hostplus: Also reported an ongoing investigation. No customer losses or data breaches have been confirmed yet.

If you are a member of any of the named funds, it’s strongly recommended to log into your account and check for unusual activity, especially changes to contact or banking information. Even if your fund hasn’t reported a breach, vigilance is key, as threat actors continue to exploit weak or reused passwords.
Just because your fund hasn’t been publicly named doesn’t guarantee safety. Many breaches are discovered in stages, and attackers often target multiple institutions over time.
To protect your superannuation:
Credential stuffing attacks are especially dangerous for superannuation accounts because:
This incident is a wake-up call for both funds and members to improve their cybersecurity hygiene.
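At the level of a single account, a credential stuffing login looks like any other login; what gives it away is the aggregate pattern the funds describe above: many distinct usernames tried from the same source in a short time, most of them failing. The following is an added example, not code from this page, the funds, or Corbado, that applies that grouping to a constructed authentication log; the log format, the thresholds and the IP addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an identity-provider login log (format is an assumption):
# "<ISO timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2025-04-01T09:00:01 203.0.113.7 alice FAIL
2025-04-01T09:00:02 203.0.113.7 bob FAIL
2025-04-01T09:00:02 203.0.113.7 carol FAIL
2025-04-01T09:00:03 203.0.113.7 dave SUCCESS
2025-04-01T09:00:04 203.0.113.7 erin FAIL
2025-04-01T09:00:05 203.0.113.7 frank FAIL
2025-04-01T09:05:00 198.51.100.9 alice FAIL
2025-04-01T09:05:30 198.51.100.9 alice SUCCESS
"""

def parse(log):
    """Turn log lines into (timestamp, source_ip, username, succeeded) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "SUCCESS"))
    return events

def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, max_success_rate=0.5):
    """Return {source_ip: usernames} for sources that tried at least `min_users`
    distinct accounts inside a sliding `window` with a mostly failing outcome.
    A real user retyping their own password (198.51.100.9 above) touches a
    single account and is not flagged."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            success_rate = sum(ok for _, _, ok in win) / len(win)
            if len(users) >= min_users and success_rate <= max_success_rate:
                flagged[ip] = users
    return flagged

def accounts_needing_review(events, flagged):
    """Accounts a flagged source actually got into: the ones to lock and notify."""
    return sorted({u for _, ip, u, ok in events if ok and ip in flagged})
```

Raising `min_users` or shortening `window` trades missed slow, distributed runs for fewer false positives on shared corporate egress addresses, so the thresholds should be tuned against the fund's own baseline login volume.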
