Super fund cyberattack: Things you should know

At around 1:45pm today, several Australian superannuation funds confirmed they had been targeted by what appears to be a co-ordinated cyberattack. Media alerts lit up across the country — and understandably, members are concerned. Many are rushing to check their super balances, including many who are logging in for the very first time.

While the timing of the announcements might suggest a recent incident, conversations with media representatives from the funds reveal the attacks have been occurring over several weeks, not just in the last day or two.

Which funds are affected?

Media reports and direct confirmations indicate that AustralianSuper, Insignia, REST, Hostplus, and ART (Australian Retirement Trust) have all been affected.

Each of these funds is urging members to log in and check their superannuation accounts, including:

Verifying account balances

Reviewing linked bank accounts

Confirming that no account details have been changed

Important note: this is creating massive traffic and massive delays on websites and web infrastructure.

‼️ Massive traffic, massive delays ‼️

This advice has created a wave of pressure on super fund websites across the country. Many funds rely on shared secure infrastructure, and the volume of concerned members trying to access their online portals has been overwhelming.

Thousands of members are now reporting:

Inability to log in

Error messages or zero balances showing (an issue that occurs when the front end and back end of the website struggle to connect)

Login pages timing out completely

I contacted several funds directly, and the consistent message is this: the traffic from concerned members is crashing servers, not the cyberattack itself. Funds are asking members to remain patient, and to understand that website outages are largely due to volume, not system compromise.

Who is most at risk?

Importantly, the only members currently at risk of money being withdrawn are retirees or those who have unrestricted access to their super accounts. For most members—especially those still working—there’s no facility in place for lump sum withdrawals, which means the risk of actual funds being stolen is very low.

What are the funds saying?

From what I’ve been told by two of Australia’s largest funds, the scale of the attack is limited, and they believe it has been largely contained. We are still awaiting public statements from some of the other funds. ART says they have contacted ALL affected members.

Here’s what we know so far:

AUSTRALIAN SUPER

Around 500 accounts have had details changed

Only 4 accounts have reported actual financial losses

The total value of funds withdrawn: around $500,000

ART (Australian Retirement Trust)

Two waves of attempted attacks

Up to 8,000 accounts were targeted

No money has been withdrawn

ART has emphasised that their security systems triggered early and effectively stopped funds from being accessed.

HOSTPLUS

“We are actively investigating the situation to determine the facts and the extent of any impact to Hostplus. Whilst the investigation remains ongoing, we can confirm that no Hostplus member losses have occurred.”

What should you do?

If you're a member of one of the affected funds:

Try logging in when website traffic is lower (outside peak hours)

Check your account details and linked bank accounts

Contact your fund directly if you see anything unusual

Above all—stay calm. The situation is being monitored closely, and the funds are working hard to keep accounts secure. For most members, the risk remains low.

Published on April 03, 2025 23:49