Around 100 customer accounts on the Insignia Financial-owned Expand wrap platform have been breached amid a co-ordinated cyberattack on the superannuation sector.
Professional Planner understands advisers had been alerted to the breach by Insignia, which later confirmed to the ASX that it had occurred.
In a statement on Friday, Insignia said there has been no financial impact to members.
Expand CEO Liz McCarthy said “suspicious activity” had been detected on around 100 Expand Wrap Platform customer accounts and, as a precaution, the group had taken steps to restrict some activities on the Expand platform.
“We detected suspicious activity on around 100 Expand Wrap Platform customers’ accounts and at this stage there has been no financial impact to customers,” McCarthy said.
“Our Cyber Security team are actively working to apply additional monitoring and mitigations to protect customer accounts.”
Professional Planner understands BT, CFS, HUB24, Macquarie and Dash have no awareness of any cyber breach in their respective systems. BT, which announced it would be retained by the big four banks after going through a potential sales process, touted the benefits of “bank grade security” when it was publicly taken off the market.
An AMP spokesperson also confirmed their platform had not been affected by any cyber breach.
“AMP is aware of the cyber security incident that is reportedly impacting a number of superannuation funds,” the spokesperson said.
“We are monitoring the situation closely and at this stage have not identified any evidence of a breach or any unauthorised activity on AMP’s systems. We will continue to closely look at all activity across our systems through our 24/7 monitoring capabilities and remain vigilant.”
Netwealth was unable to respond by publication deadline.
Insignia said the incident involved a malicious third-party attempt to access online superannuation accounts through a method known as “credential stuffing”, which utilised an unusual number of login attempts targeting the Expand platform.
“Some customers will receive communications prompting them to reset their passwords when they next log in to their accounts,” McCarthy said.
“As is good practice, we encourage customers not to reuse the same credentials across multiple platforms and services, set strong and unique passphrases, and install software updates regularly to keep their devices secure.
“We are communicating with impacted customers and their advisers and will continue to keep them updated.”
Insignia is the only retail fund confirmed to have been attacked, but several industry funds – AustralianSuper, Australian Retirement Trust, Rest and Hostplus – had been breached, although it is unconfirmed whether the attacks are related.
AustralianSuper confirmed to Professional Planner that $500,000 in total member money across five members has been stolen.
Super Consumers Australia described the incidents as “unsettling”.
“Reports of this cyberattack on at least five big super funds are shocking and unsettling,” CEO Xavier O’Halloran said.
“This is people’s financial future at risk. And the details and extent of this attack are still emerging.”
SCA also called on the government to include super funds in its Scams Prevention Framework, one of the marquee projects from Minister for Financial Services Stephen Jones, which currently targets banks, telecommunications providers and digital platforms, which are at risk of fines worth up to $50 million.
“We’re calling on the next Government to urgently extend the new protections to safeguard Australians’ retirement savings against fraudsters, scammers and cybercriminals,” O’Halloran said.
The Association of Superannuation Funds of Australia, which has a membership base of retail and industry funds, confirmed that last weekend hackers tried to gain access to several super funds.
“While the majority of the attempts were repelled, unfortunately a number of members were affected,” the association said.
“Funds are contacting all affected members to let them know and are helping any whose data has been compromised.”
ASFA said it had created the Financial Crime Protection Initiative, which will “imminently” release a toolkit to improve sector coordination for cybersecurity risk.
But the issues for industry funds continue to mount, with regulatory pressure increasing following high-profile failings with member death benefits at AustralianSuper and Cbus, the latter also having dealt with criticism over the fund’s governance due to its connections with the disgraced CFMEU union.
Additional reporting by Lachlan Maddock.