A series of coordinated cyber attacks have targeted major Australian superannuation funds, causing serious damage to thousands of members.

Hackers stole savings from some members of the largest pension fund and compromised more than 20,000 accounts, according to reliable sources.

In a statement, National Cyber ​​Security Coordinator Michelle McGuinness said the Australian Government had received information that “cyber criminals” were targeting accounts in the country’s A$4.2 trillion (US$2.63 trillion) retirement savings sector.

An emergency response is being rolled out across government, regulators and industry, but the number of pension funds and members affected is not yet clear.

AustralianSuper, Australia’s largest superannuation fund with 3.5 million members and $365 billion under management, confirmed that around 600 members’ passwords had been stolen by hackers, allowing them to gain unauthorized access and commit fraud. The fund immediately locked the accounts and told members to check their balances.

A reliable source said that four AustralianSuper members had a total of $500,000 withdrawn and transferred to other accounts that did not belong to them. AustralianSuper has not yet made an official comment on this information.

Meanwhile, the Australian Retirement Trust, the second-largest pension fund with 2.4 million members, said it had detected “unusual login behaviour” affecting “several hundred” accounts. The affected accounts were locked as a precaution and no suspicious transactions or changes were recorded.

Rest Super, a default pension fund for retail workers with 2 million members, said the cyberattack, which occurred on March 29-30, affected about 20,000 accounts, or 1% of its total membership. Rest Super has now urgently investigated and activated measures to respond to the cyber security incident.

Hostplus, which has more than 1.8 million members, also confirmed that it had been hacked. While no financial losses have been reported, an investigation into the severity of the incident is ongoing.

Prime Minister Anthony Albanese said he had been briefed on the attacks and said the government would respond soon. He also noted that cyber attacks were a “regular occurrence” in Australia, with one occurring every six minutes.

Australia's largest not-for-profit hospital St Vincent's Health, private insurer Medibank and mobile network operator Optus have also been victims of large-scale cyber attacks.

The Australian Government has committed AUD 587 million to fund a seven-year national cyber security strategy to improve the ability of citizens, businesses and government agencies to protect information.