Additional funds sound alarm over cyber security breaches

8 April 2025
By Daniel Croft

Cbus Super and its partner fund Media Super have sounded the alarm after a surge of suspicious login attempts on their websites, raising red flags just as other major Australian super funds grapple with their own cyber security breaches.

Since their merger in 2022, Cbus Super and Media Super, collectively serving 920,000 members and managing $100 billion in member assets, have continued to operate under their respective brands.

This week, both released an identical statement saying they had detected an “unusually high spike in log-in attempts [that] coincided with a time of significant market volatility potentially causing increased member engagement”.

“Out of an abundance of caution, the fund is investigating a small number of accounts that may have been impacted including accounts where multi-factor authentication was triggered in the hours before and after the spike event. These accounts were pro-actively deactivated, and the members are being contacted,” it said.

Cbus said that its “cyber incident” occurred days after other major super funds – including AustralianSuper, Rest, Australian Retirement Trust, and Insignia – reported a cyber incident that resulted in personal data being exfiltrated.

Interestingly, Insignia said that the cyber incident was caused by a credential stuffing attack. In this type of attack, stolen credentials obtained from the dark web are entered into an organisation’s login page to test whether the person they were stolen from is a member; any pair that works grants the attacker access to that account.

While unconfirmed, Super Review sister brand Cyber Daily suspects the “spike in log-in attempts” on Cbus and Media Super could be another credential stuffing attack attempt or a copycat attack, as it occurred just days after the first.
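The triage the funds' statement describes (locate the spike, then pull the accounts where MFA was triggered in the hours around it) can be sketched over an authentication log. This is an added example, not code from Cbus, Media Super or Cyber Daily; the log layout, event names, thresholds and sample data are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

HOUR = timedelta(hours=1)

def sample_events():
    """Constructed auth log: (timestamp, account, event). Not real data."""
    t0 = datetime(2025, 1, 1)
    ev = [(t0 + timedelta(hours=h, minutes=i), f"member{i}", "login_ok")
          for h in range(12) for i in range(4)]            # normal traffic
    ev += [(t0 + timedelta(hours=6, seconds=i), f"target{i}", "login_fail")
           for i in range(80)]                             # spike at 06:00
    ev += [(t0 + timedelta(hours=5, minutes=30), "target7", "mfa_challenge"),
           (t0 + timedelta(hours=7, minutes=10), "target42", "mfa_challenge"),
           (t0 + timedelta(hours=11), "member1", "mfa_challenge")]
    return ev

def find_spike_hours(events, factor=5):
    """Hours whose login attempts exceed factor x the median hourly volume."""
    per_hour = Counter(ts.replace(minute=0, second=0, microsecond=0)
                       for ts, _, kind in events if kind.startswith("login_"))
    baseline = median(per_hour.values())
    return sorted(h for h, n in per_hour.items() if n > factor * baseline)

def spike_profile(events, hour):
    """(failure ratio, distinct accounts) for one hour. Busy members mostly log
    in successfully; stuffing shows many accounts and a high failure ratio."""
    hits = [(a, k) for ts, a, k in events
            if hour <= ts < hour + HOUR and k.startswith("login_")]
    fails = sum(1 for _, k in hits if k == "login_fail")
    return fails / len(hits), len({a for a, _ in hits})

def accounts_to_review(events, spike_hours, window=2 * HOUR):
    """Accounts that reached the MFA step within `window` of a spike hour.
    Assumption: an MFA challenge is only issued after a correct password."""
    return sorted({a for ts, a, k in events if k == "mfa_challenge"
                   and any(s - window <= ts < s + HOUR + window
                           for s in spike_hours)})

if __name__ == "__main__":
    events = sample_events()
    for hour in find_spike_hours(events):
        print(hour, spike_profile(events, hour), accounts_to_review(events, [hour]))
```

The failure ratio is what separates the two explanations in the statement: a volatility-driven rush of real members produces mostly successful logins, while credential stuffing produces many distinct accounts with mostly failures.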

Rest and Insignia have said that no money was exfiltrated from users’ accounts; however, AustralianSuper confirmed that some accounts had money stolen.

That said, the super funds have noted that the cyber attack occurred during a period of increased market volatility, which could itself have led to changes in the amounts in people’s superannuation accounts.

“If you see a reduction in your account balance you weren’t expecting, this does not necessarily indicate fraudulent or suspicious activity on your account,” said AustralianSuper.

“Global markets are experiencing more volatility than usual.

“It’s important to remember that market ups and downs are a normal part of investing.”

Earlier this week, Treasurer Jim Chalmers said both APRA and ASIC are engaging with all of the potentially impacted super funds to support safe outcomes for members.

“On Friday, we convened the council of financial regulator agencies to get an update on their ongoing response to this incident as well. That’s working around the clock in response to the incident and it’s all about protecting fund members and improving security measures,” the Treasurer said.

Super Review reached out to the Australian Prudential Regulation Authority (APRA), but the regulator declined to comment.
