Massive Cyber Attack: Hackers Breach Australia’s Largest Pension Funds

Hackers targeted Australia’s major pension funds through a series of coordinated cyberattacks comprising over 20,000 accounts and stolen the savings of some of the members. This cyberattack began in early April 2025, majorly attacking AustralianSuper, Rest Super, and Australian Retirement Trust (ART) among others. 

AustralianSuper is the country’s largest fund managing $365 billion for 3.5 million members, and around 600 accounts were compromised with four members losing a total of $500,000. They have found unauthorized access to 8000 accounts though no financial losses were confirmed. Meanwhile, ART detected suspicious login activity on several hundred accounts but reported no theft. 

“We took immediate action to lock these accounts and let those members know” Said Rose Kerlin, AustralainSuper Chief Member Officer.

“Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal” – Vicki Doyle, CEO, Rest

“We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cybersecurity incident response protocols” he added.

Further, it has been revealed that using the ‘credential stuffing’ method the hacking has been carried out and they exploited the leaked usernames & passwords reused by account holders across multiple platforms. All these events highlight the emerging threat of cybercrime in Australia’s financial sector. On the otherhand, APRA (Australian Prudential Regulation Authority) has enforced all the superannuation funds to enhance their cybersecurity protocols.