
Australian super fund cyber attack – how to protect your account

After a major cyberattack on several Australian super funds, here’s what to do if your fund has been affected.

You might have read headlines about a major cyber security breach affecting some of Australia’s largest super funds. If you’re wondering whether your super has been impacted, here’s what you need to know.

Cybersecurity threats are growing, and large super funds have become a recent target.

On or around 4 April 2025, several major funds were hit by a coordinated cyberattack. Hackers reportedly used stolen passwords to access accounts at AustralianSuper, Australian Retirement Trust, Hostplus, Rest, Cbus and Insignia.

Stockspot Super has not been affected by this breach. If you’re a Stockspot Super customer, your personal details and super savings are safe. You should be able to log in to your account without any problems.

In this article, we’ll explain what happened, how to protect your super, and what steps to take if your account has been affected.

What happened?

Early reports suggest the hackers used a method called credential stuffing. This is where stolen usernames and passwords from past data breaches are reused across different websites. If someone used the same password for their super account, the attackers could log in and access their funds.

The situation is still unfolding, but so far it’s been reported that ten customers from AustralianSuper have lost a total of $750,000.

If these super funds had offered two-factor authentication (2FA) on their member accounts, the theft of the $750,000 could have been prevented.

What’s even more worrying is how the stolen money was repaid. Since industry super funds don’t have their own capital, the losses were covered using other members’ fees. That should raise red flags for anyone in those funds.

AustralianSuper says it’s seen hundreds of attempted attacks over the past month. Insignia Financial and Rest have also noticed a spike in suspicious login activity.

If you’re searching for “I can’t log in to AustralianSuper” or “When can I access my Hostplus or Rest Super account?”, you’re not alone. Right now, millions of Australians are locked out of their super accounts as funds respond to a major cyberattack. Many super funds have temporarily disabled their login pages to protect members from further risk. If you’re having trouble accessing your account, contact your super fund directly. They’ll be able to confirm whether your account has been affected and what steps to take next.

How to keep your super safe

Protecting your super account doesn’t have to be complicated. Here are some practical steps to keep your savings secure:

1. Use strong, unique passwords

Reusing passwords is a major security risk. Instead:

  • Use a mix of letters, numbers, and special characters.
  • Create a unique password for each financial account.
  • Consider using a password manager to generate and store complex passwords.

2. Enable multi-factor authentication (MFA)

Many super funds offer multi-factor authentication (MFA), which requires an extra verification step beyond just a password. This makes it much harder for hackers to access your account. If your fund offers MFA, turn it on immediately.

3. Regularly monitor your account

While we don’t recommend checking or changing your investments regularly, it is important to check your super account regularly for any unauthorised transactions or changes to personal details. If something looks suspicious, report it to your fund straight away.

4. Watch out for phishing scams

Cybercriminals often use fake emails or text messages to trick people into revealing their login details. Be cautious of any communication asking you to click links or provide personal information. If in doubt, contact your fund directly through their official website.

5. Keep your contact details up to date

Ensure your email and phone number on file with your super fund are correct. This way, you’ll receive security alerts and notifications if any suspicious activity occurs.

What to do if your super account is hacked

If you suspect your account has been compromised:

  1. Contact your super fund immediately: They can lock your account and investigate the breach.
  2. Change your password: If you’ve reused it elsewhere, update those accounts too.
  3. Check your bank and other financial accounts: If hackers gained access to one account, they may try others.

Cyber threats to superannuation accounts are a growing concern, but with the right precautions, you can significantly reduce your risk. Strong passwords, MFA, regular account checks, and staying alert to scams can help keep your hard-earned retirement savings secure.

  • Chris Brycki

    Founder and CEO

    Chris has over 25 years of investment experience and spent most of his early career as a Portfolio Manager at UBS. Chris has been a member of the ASIC Digital Advisory Committee and volunteers as a member of the Investment Committee for the NSW Cancer Council. He holds a Bachelor of Commerce (Accounting/Finance Co-op Scholarship) from UNSW.

