---
url: 'https://www.corbado.com/faq/super-fund-affected-data-breach'
title: 'Was my superannuation fund affected by the data breach?'
description: 'Find out if your Australian superannuation fund was affected by the recent 2025 cyberattack and how to protect your retirement savings.'
lang: 'en'
---

# Was my superannuation fund affected by the data breach?

Yes, several major Australian
[superannuation funds](https://www.corbado.com/blog/superannuation-funds-mfa-fsc-29) were affected by the recent
cyberattack. These include AustralianSuper, Australian Retirement Trust, Rest, Hostplus,
and Insignia Financial. While not all members experienced financial loss, many accounts
were targeted through a method called **credential stuffing**, where attackers used stolen
passwords to attempt unauthorized logins. Some accounts had money stolen (up to
**$500,000 across four accounts**), while others experienced suspicious activity, such as
login attempts or personal data exposure.

Affected funds have confirmed:

- Locking suspicious accounts
- Notifying members individually
- Working with regulators and cybersecurity experts

If you are a member of any of the named funds, it’s strongly recommended that you log in to your
account and check for unusual activity, especially changes to contact or
[banking](https://www.corbado.com/passkeys-for-banking) information. Even if your fund hasn’t reported a breach,
vigilance is key, as threat actors continue to [exploit](https://www.corbado.com/glossary/exploit) weak or reused
passwords.

## Super funds confirmed as impacted

- **AustralianSuper** (financial losses reported)
- **Rest** (8,000 members affected, no funds withdrawn)
- **Australian Retirement Trust** (accounts locked pre-emptively)
- **Hostplus** (no losses, investigation ongoing)
- **Insignia Financial** (credential stuffing attack identified)

> - Yes, major [super funds](https://www.corbado.com/blog/superannuation-funds-mfa-fsc-29) like AustralianSuper and
>   Rest were impacted by a recent [data breach](https://www.corbado.com/glossary/data-breach).
> - AustralianSuper members lost a total of $500,000 due to stolen login credentials.
> - Other funds such as Rest and Hostplus were able to prevent financial losses but still
>   had accounts accessed.
> - If you’re with one of the named funds, you should check your account and update your
>   password.

---

## What Happened in the Cyberattack?

In early April 2025, cybercriminals launched a coordinated attack on Australian
[superannuation funds](https://www.corbado.com/blog/superannuation-funds-mfa-fsc-29) by using **previously leaked
usernames and passwords** found on the dark web. Unlike typical data breaches that involve
hacking into a company’s servers, this was a **credential stuffing attack**, where
attackers used already-compromised credentials to log into individual accounts.

## Which Funds Were Affected?

- **AustralianSuper**: Confirmed that 600 accounts had login credentials stolen. Four
  members lost approximately $500,000 in total. Accounts were locked and affected members
  were notified immediately.
- **Rest**: Detected unauthorized activity affecting around 8,000 members. No financial
  loss occurred, thanks to a quick shutdown of systems. However, limited personal data
  (like names and emails) was accessed.
- **Insignia Financial**: Identified suspicious login attempts through
  [credential stuffing](https://www.corbado.com/glossary/credential-stuffing) on its
  Expand platform. Accounts were protected, and no losses were reported.
- **Australian Retirement Trust**: Detected unusual login activity and proactively locked
  affected accounts. No financial or data compromise confirmed so far.
- **Hostplus**: Also reported an ongoing investigation. No customer losses or data
  breaches confirmed yet.

## What If My Fund Isn’t Listed?

Just because your fund hasn’t been publicly named doesn’t guarantee safety. Many breaches
are discovered in stages, and attackers often target multiple institutions over time.

To protect your superannuation:

- Use a **strong, unique password**
- **Enable multi-factor authentication (MFA)** if available
- Avoid clicking links in emails claiming to be from your super fund
- Call your fund directly if you notice anything suspicious

## Why This Matters

[Credential stuffing](https://www.corbado.com/glossary/credential-stuffing) attacks are especially dangerous for
superannuation accounts because:

- People check them less frequently
- Older Australians are more vulnerable and often have large balances
- Attackers can silently change contact and bank details to siphon funds

This incident is a wake-up call for both funds and members to improve their cybersecurity
hygiene.
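
A fund-side detection example for the pattern described above, added here and not taken from the article or from any fund's systems: it flags source IPs that try many distinct usernames with a low success rate, then lists accounts where such a source logged in and contact or bank details changed afterwards. The event layout, thresholds, function names, and sample log entries are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, event, success).
# IPs come from documentation ranges; the field layout is an assumption.
T0 = datetime(2025, 4, 1, 2, 0, 0)
EVENTS = [(T0 + timedelta(seconds=i), "203.0.113.7", f"member{i}", "login", i == 4)
          for i in range(8)]
EVENTS += [
    (T0 + timedelta(minutes=10), "203.0.113.7", "member4", "bank_change", True),
    (T0 + timedelta(minutes=1), "198.51.100.20", "alice", "login", False),
    (T0 + timedelta(minutes=2), "198.51.100.20", "alice", "login", True),
    (T0 + timedelta(minutes=5), "198.51.100.20", "alice", "contact_change", True),
]

def stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Return IPs that tried many distinct usernames and mostly failed."""
    users, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, event, success in events:
        if event != "login":
            continue
        users[ip].add(user)
        total[ip] += 1
        ok[ip] += success  # True counts as 1
    return {ip for ip in total
            if len(users[ip]) >= min_users and ok[ip] / total[ip] <= max_success_ratio}

def accounts_to_lock(events, sources, window=timedelta(hours=24)):
    """Return accounts a flagged source logged into whose details changed soon after."""
    breached = {}  # username -> time of first successful login from a flagged source
    flagged = set()
    for ts, ip, user, event, success in sorted(events, key=lambda e: e[0]):
        if event == "login" and success and ip in sources:
            breached.setdefault(user, ts)
        elif event in ("bank_change", "contact_change") and user in breached:
            # The change may arrive from any IP once the credentials are known.
            if ts - breached[user] <= window:
                flagged.add(user)
    return flagged

if __name__ == "__main__":
    sources = stuffing_sources(EVENTS)
    print("suspected stuffing sources:", sources)
    print("accounts to lock and notify:", accounts_to_lock(EVENTS, sources))
```

The single-user retry from `198.51.100.20` is not flagged, which is the distinction between a member mistyping a password and one source cycling through many leaked username and password pairs.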

