AustralianSuper has confirmed that cybercriminals used compromised credentials to attempt unauthorised access to hundreds of member accounts last week.
The event underscores growing concerns around cybersecurity resilience across the financial sector.
As of 1:45pm on April 4, the fund disclosed that approximately 600 member accounts were targeted using stolen passwords, prompting it to temporarily suspend access and alert affected individuals.
The attempted breach is part of a broader uptick in malicious digital activity across Australia’s financial services ecosystem.
Rose Kerlin, AustralianSuper’s chief member officer, said the company has observed a spike in suspicious login attempts on its digital platforms.
“We have seen a spike in suspicious activity across our member portal and mobile app, and we are urging members to take steps to protect themselves online,” she said. “While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”
AustralianSuper stated that some members may have temporarily seen incorrect account balances or experienced service outages, but said that account funds remain secure.
The fund is working with federal cybersecurity agencies including the Australian Signals Directorate (ASD), the National Office of Cyber Security, and industry regulators to investigate the activity.
Kerlin advised members to take proactive measures such as changing passwords to ones not used elsewhere and reviewing their linked banking and contact information.
The fund also directed members to government-issued cybersecurity guidance and urged immediate reporting of any suspicious messages or unauthorised account changes.
“We are highlighting this event to make sure members are alert and take all possible precautions to protect their retirement savings,” Kerlin said. “If members’ details are correct, they don’t need to call us.”
The incident comes as new data from risk advisory firm Kroll pointed to rising expectations of financial crime risk among Australian financial institutions.
According to Kroll’s 2025 Financial Crime Report, 64% of surveyed senior executives in financial and professional services expect financial crime threats to increase this year.
Cyberattacks, AI misuse, sanctions, and shifting geopolitical conditions were cited as primary risk drivers. Notably, 80% of respondents identified criminal exploitation of artificial intelligence as an area of concern, while 60% highlighted cybersecurity vulnerabilities as a top threat.
Despite the adoption of AI tools to enhance compliance and fraud detection, only one in four Australian executives said these technologies had meaningfully strengthened their risk management frameworks.
Kroll’s findings align with separate reports from cybersecurity firms. Bitdefender, for instance, reported a 126% surge in ransomware cases year-on-year, with Australia ranked sixth globally for incidents in February 2025. Attackers are increasingly exploiting exposed software weaknesses rather than focusing on specific business sectors.
Meanwhile, Surfshark’s recent analysis found that 47 million Australian accounts were compromised in data breaches last year – a dramatic increase from the previous year and the highest total in the Oceania region since 2004.
