Scammers drain $400,000 from pensioner's AustralianSuper account - just days before massive hack was revealed

A distraught pensioner came close to losing almost all of her life savings after $406,000 was stolen from her AustralianSuper account.

The union-backed industry giant, which is Australia's biggest superannuation fund, was among those targeted in a co-ordinated cyber attack after a cache of passwords was stolen.

Six unauthorised withdrawals were made from the 74-year-old Queensland woman's AustralianSuper pension account over a week from March 20.

The withdrawals were transferred to five different Commonwealth Bank accounts set up by scammers, The Australian reported.

The woman, who wishes to remain anonymous, only found out she was the victim of a scam after she received two separate letters from AustralianSuper confirming successful withdrawals of $20,000 and $100,000 on March 21 and March 24.

She received the letters on March 28 - eight days after the first sum was stolen from her account - and immediately called AustralianSuper to raise the alarm about the fraudulent transactions.

The fund froze her account, but by then, she had already lost 90 per cent of her life savings.

The pensioner claimed she was still waiting on AustralianSuper to lodge a fraud report with the Commonwealth Bank and has since contacted police.

A distraught pensioner lost almost all of her life savings after $406,000 was stolen from her AustralianSuper account. (stock image)

Scammers made six unauthorised withdrawals within a week from the pensioner's super account. (stock image)

The woman is one of the four AustralianSuper members so far identified as victims of a cyber attack against some of the country's biggest funds.

AustralianSuper, REST, Australian Retirement Trust and Hostplus – which combined manage almost $1 trillion in super accounts for millions of Australians – were targeted in the heist, as was MLC Expand.

AustralianSuper is the only fund so far to confirm member losses.

AustralianSuper chief member officer Rose Kerlin said the fund spoke with the Queensland pensioner on Friday to tell her that her account would be remediated.

'And we have spoken to her again (on Monday) to confirm her account is back to the position it would have been had the fraudulent activity not occurred,' she said.

Ms Kerlin told Daily Mail Australia that she has 'personally spoken to (the 74-year-old) today to reassure her that her account was secure'.

AustralianSuper's policy on these issues is decided 'on a case-by-case basis. We have now thoroughly investigated the incidents in which money was transacted out of a member's account and all of those are being remediated,' she said.

'AustralianSuper is deeply sorry about the distress caused by this criminal attack and we are working with affected members to help protect their accounts.'

AustralianSuper chief member officer Rose Kerlin contacted the distraught pensioner on Monday to reassure her that her account would be remediated

The woman only found out she was the victim of a scam when she got two separate letters from AustralianSuper (logo pictured) about substantial withdrawals

But another AustralianSuper member, Samantha Burns, told Daily Mail Australia last week that she had alerted her super fund in late February about being hacked.

'I phoned AustralianSuper on the 27 February 2025, telling them when I logged into my account, the balance was zero,' she said.

'They said it's probably an upgrade and to wait and re-log on. I tried that, same thing, zero balance.

'I rang multiple times after that, and was told the problem was being fixed by the IT department. So it's not just in the past week.'

Ms Kerlin said that AustralianSuper defends against attacks from cyber criminals every single day.

'We became aware of a spike in suspicious activity on March 27 and 28 and took immediate action to lock accounts and investigate,' she said.

The fund reported what happened to the police, the National Office of Cyber Security, the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, the Australian Securities and Investments Commission and the Australian Prudential Regulatory Authority.

REST chief executive Vicki Doyle said the super fund noticed unauthorised activity during the last weekend of March and responded by shutting down the member access portal - after 8,000 accounts were affected.

'No member funds were transferred out of impacted members' accounts due to these unauthorised access attempts,' she said.

MLC Expand chief executive Liz McCarthy told the Australian Securities Exchange a malicious third party had engaged in 'credential stuffing' where a hacker collects user names and emails.

Prime Minister Anthony Albanese (pictured) downplayed the cyber attack on Friday

'We detected suspicious activity on around 100 Expand Wrap Platform customers' accounts and at this stage there has been no financial impact to customers,' she said late last Friday afternoon.

'As a precaution we have taken steps to restrict some activities on the Expand Platform.

'Some customers will receive communications prompting them to reset their passwords when they next login to their accounts.'

A Hostplus spokesman said no funds had been stolen.

'Whilst the investigation remains ongoing, we can confirm that no Hostplus member losses have occurred,' he said.

There is a cyberattack in Australia about every six minutes, according to the PM (stock image)

An Australian Retirement Trust spokesman said it was able to stop suspicious transactions.

'We can confirm our digital security system identified unusual login activity and that impacted accounts were locked as a precaution, and members and regulators were notified,' he said.

'We have not identified any suspicious transactions or modifications regarding these accounts.'

Prime Minister Anthony Albanese downplayed the cyber attack last Friday.

'I have been informed about that. We will respond in time. We're considering what has occurred,' he told reporters in western Sydney.

'But bear in mind the context here. There is an attack, a cyberattack in Australia about every six minutes. This is a regular issue.'