Reuters reports that major Australian pension funds AustralianSuper, Australian Retirement Trust, Insignia, Hostplus, and Rest Super have disclosed being impacted by a series of attacks during the last weekend of March.
Although a source close to the matter claimed that over 20,000 of its accounts were compromised in the incident, AustralianSuper confirmed only the theft of up to 600 member passwords and said it took immediate action to secure those accounts. Australian Retirement Trust and Rest Super, for their part, reported having "several hundreds" and nearly 20,000 accounts affected, respectively. The other funds are still investigating the extent of the incident. The development, which comes more than two years after the attack against major Australian health insurance provider Medibank, has already prompted Australian National Cyber Security Coordinator Michelle McGuinness to spearhead a coordinated response against attacks targeting the country's $2.6 trillion retirement savings industry.
Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
NCC Group found that attacks involving ransomware totaled 600 in March, which is 32% lower than in February but 46% higher than in the same month last year, Infosecurity Magazine reports. NCC Head of Threat Intelligence Matt Hull believes the month-to-month decline to be a "red herring" after the recent surge in intrusions.