Following a major cyber breach that compromised multiple superannuation accounts, experts are demanding stronger and more comprehensive security measures to prevent future incidents.
The breach, which targeted funds managing over $1 trillion in assets, has raised serious concerns about the vulnerabilities in Australia’s superannuation system.
While a small number of individuals have experienced financial losses, the breach underscores the risks faced by the superannuation sector, which manages more than $4.1 trillion in assets for approximately 17 million Australians.
Experts argue that given the significant sums involved, it was only a matter of time before cybercriminals targeted these funds.
Paul Haskell-Dowland, a cybersecurity expert and professor at Edith Cowan University, stated that the attack on Australian superannuation funds was “inevitable” and long overdue.
“An attack on Australian superannuation was always inevitable, some would say overdue,” he said.
“This is a clear warning shot that cybersecurity needs to be taken more seriously.”
In the wake of the breach, Haskell-Dowland is among a growing number of cybersecurity experts advocating for the mandatory implementation of multi-factor authentication (MFA) across all superannuation accounts.
MFA is a security process that requires users to provide two or more forms of verification before they can access an account or system.
MFA adds an extra layer of protection: a password alone is no longer enough, so an unauthorised user who has obtained it still cannot get into the account.
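To make the idea concrete, here is an added illustration of what a second factor looks like in practice; it is not code from the article or from any of the funds named. It implements a standard time-based one-time password (TOTP, RFC 6238) check and a login routine that requires both the password and the current code. The user record, salt and password are constructed for the example; the TOTP secret is the public RFC 6238 test seed, so the expected codes are the published test vectors.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed sample user record. The secret is the RFC 6238 SHA-1 test seed
# ("12345678901234567890" in base32); a real deployment would use a per-user
# secret generated at enrolment and stored encrypted.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_SALT = b"constructed-salt"          # constructed, per-user salt
SAMPLE_PASSWORD_HASH = hashlib.pbkdf2_hmac(
    "sha256", b"correct horse", SAMPLE_SALT, 100_000
)                                           # hash of the constructed password


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second window."""
    secret = base64.b32decode(secret_b32, casefold=True)
    return hotp(secret, unix_time // step, digits)


def password_ok(password: str) -> bool:
    """First factor: something the member knows. Constant-time comparison of hashes."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SAMPLE_SALT, 100_000)
    return hmac.compare_digest(candidate, SAMPLE_PASSWORD_HASH)


def totp_ok(code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Second factor: something the member has (an authenticator app).

    Accepts the current window plus/minus drift_steps neighbours to tolerate
    clock skew between the phone and the server.
    """
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(SAMPLE_SECRET_B32, unix_time + delta * 30)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login(password: str, code: str, unix_time: Optional[int] = None) -> str:
    """Both factors must pass. A single generic result is returned so the
    response does not reveal which factor failed."""
    now = int(time.time()) if unix_time is None else unix_time
    if password_ok(password) and totp_ok(code, now):
        return "granted"
    return "denied"


if __name__ == "__main__":
    # At the RFC test time 59 s the expected 6-digit code is 287082.
    print(login("correct horse", "287082", 59))   # granted
    print(login("correct horse", "000000", 59))   # denied: right password, wrong code
    print(login("wrong password", "287082", 59))  # denied: right code, wrong password
```

The point the article's experts make is visible in the last two calls: knowing the password on its own, or knowing a code on its own, is not enough. An opt-out, as described below, removes the second check entirely and returns the account to password-only protection.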
RMIT cyber security centre director Matthew Warren said funds could allow customers to opt out of authenticating their logins if it was unduly onerous, but that needed to change.
“Stronger multi-factor authentication should be implemented for every customer, with no exception,” he said.
Super funds have been contacting members whose accounts have been targeted by hackers.
Hostplus, Rest, AustralianSuper and Australian Retirement Trust were among the funds hit in the attack.
Members are urged to check for signs of fraud, ensure banking and contact details are correct, and change passwords if they are not unique to their account.
With AAP.