SYDNEY, April 4 (Reuters) – A series of coordinated cyberattacks have compromised over 20,000 accounts in Australia’s major pension funds, with hackers stealing funds from some members of the country's largest retirement fund, according to a source familiar with the situation. National Cyber Security Coordinator Michelle McGuinness acknowledged the attacks on Australia’s A$4.2 trillion ($2.63 trillion) retirement savings sector, stating that the government, regulators, and industry were working together to assess the impact and respond. The full extent of the breaches remains unclear.

AustralianSuper, the largest pension fund managing A$365 billion for 3.5 million members, confirmed that hackers had stolen passwords from up to 600 members to access accounts and commit fraud. Chief Member Officer Rose Kerlin stated that the affected accounts were locked immediately, and impacted members were notified. Four members reportedly lost a total of A$500,000, which was transferred to unauthorized accounts.

Australian Retirement Trust, the second-largest fund with A$300 billion under management, detected "unusual login activity" on several hundred accounts but found no unauthorized transactions. Affected accounts were locked as a precaution. Rest Super, which manages A$93 billion for 2 million members, reported that around 20,000 accounts—roughly 1% of its membership—were affected by unauthorized activity over the weekend of March 29-30. CEO Vicki Doyle said the company immediately shut down its Member Access portal, launched an investigation, and activated cybersecurity response protocols.

Insignia Financial, which manages A$327 billion, reported that a "malicious third party" attempted to access pension accounts on its Expand platform. However, an Insignia spokesperson confirmed no financial losses had occurred. Hostplus, managing A$115 billion for 1.8 million members, also confirmed an attack but reported no known financial losses as investigations continued. Prime Minister Anthony Albanese, who was briefed on the hacks, assured a "considered" government response. He noted that cyberattacks are a persistent issue in Australia, occurring approximately every six minutes.

Major Australian organizations, including St Vincent’s Health, Medibank, and telecom provider Optus, have previously suffered significant data breaches. In response to growing cybersecurity threats, the Australian government has committed A$587 million to a seven-year plan aimed at strengthening national cybersecurity protections.

Disclaimer: This image is taken from Reuters.