Cbus caught up in super funds hack

The attackers targeting the super funds appear to be familiar with the country’s superannuation system as they have mainly targeted people who are in the pension draw-down phase and can request lump sum withdrawals.

CyberCX chief strategy officer Alastair MacGibbon told this masthead at the weekend that the hackers were unlikely to be found and could strike again, but urged customers not to panic.

He added that the super fund hack appeared at this early stage to be an example of “credential stuffing”, a type of attack in which a user’s data and passwords were stolen from any one of their online accounts and sold on the dark web.

“In effect, if people use the same passwords for multiple accounts, it only takes one data breach for persistent and savvy criminals to gain unauthorised access to their other accounts,” he said.

with Brittany Busch and Michaela Whitbourn