After a spate of cyber attacks on Australian superannuation funds, Cbus has reported an “unusually high spike in log-in attempts”.
Cbus, one of Australia’s top funds, is the latest to be targeted by attackers - another fund had been hit with 600 attempted cyber attacks in the past month - and immediately alerted the Australian Prudential Regulation Authority (APRA), the independent statutory authority that supervises institutions across, among other things, superannuation.
Cbus said the unusually high spike in log-in attempts came in the wake of the other attacks, which saw members of all funds logging into their accounts. Despite the increased login activity, Cbus said there is no evidence of financial losses to any of its 900,000+ members.
“The fund is investigating a small number of accounts that may have been impacted, including accounts where multi-factor authentication was triggered in the hours before and after the spike event,” said Cbus in a statement. “These accounts were pro-actively deactivated, and the members are being contacted.”
While the timing of this cyber attack might appear more than coincidental, Cbus stated that it isn’t clear if the incident is related to the other attacks. In those attacks, one fund reported several members had lost totals amounting to AUD$500,000, while tens of thousands of other accounts across all the funds were impacted - thankfully with no losses reported. Many more thousands of members were unable to access their accounts, adding to the stress of the situation.
Cbus has also reported the incident to the Australian Cyber Security Centre and is involved in a continuing investigation with its cyber security partners.
