Spirit Super: cyber attack at superannuation fund sees 50k Tasmanians’ personal data exposed

Spirit Super’s boss has hastened to reassure clients that their money is safe after a computer hacker gained access to the personal data of over 50,000 customers.

The hacker used a phishing email to gain entry into a company mailbox which contained the names, addresses, phone numbers, and account numbers of clients.

However, CEO Jason Murray said the inbox contained no financial data such as bank details or tax file numbers, meaning the hacker would not be able to drain their accounts.

No client passwords were contained in the inbox, so there is no need for users to change their passwords or account numbers.

As a precaution, the company has upped its security and is keeping an eye out for any suspicious transaction attempts.

“We put in extra levels of security immediately upon all those impacted or potentially impacted,” Mr Murray said.

“We have heightened security, we have monitoring, and we have blocks on accounts so people can’t send money out other than for transactions already set up like pensions.”

Clients wanting to withdraw money from their superannuation accounts are now asked to contact Spirit Super in order to make those requests.

The phishing email was disguised as official correspondence intended to trick staff members into sharing usernames and passwords to company email accounts.

Clients are being warned to keep an eye out for unsolicited emails, text messages, or phone calls in case they too fall prey to a phishing scam.

Hackers could, for example, send disguised emails claiming to be from Spirit Super asking for clients’ username and password information.

In such instances, people must never provide information without verifying the identity of the contact beforehand.

Mr Murray said Spirit Super never contacts its clients asking for information out of the blue.

“It’s really important that our members are alert to phishing full stop,” Mr Murray said.

“We happen to be today’s story, but I think it’s something that’s really important to all Tasmanians,” Mr Murray said.

“It’s important everyone is aware of this risk, and that everybody is alert to unsolicited contact from organisations or people posing as organisations asking for information.”

kenji.sato@news.com.au

Personal data of 50k Tasmanians exposed after cyber attack

The personal information of about 50,000 Tasmanians has been compromised after a staff member at a superannuation fund fell prey to a phishing scam.

Spirit Super, which formed last year following a merger of Tasplan and MTAA Super, broke the news to affected members on Friday.

It’s understood a staff member clicked a malicious link in a phishing email on May 19, leading to a breach of their inbox.

It’s potentially exposed tens of thousands of Tasmanians to the risk of identity theft and scams.

Attached to one of the worker’s emails was a dataset dating back to 2019-20, containing the personal information – including names, addresses, ages, email addresses, phone numbers, member account numbers and member balances – of approximately 50,000 people, all of whom are believed to be Tasmanian.

“We have not been able to confirm that the data of any of those members has been accessed but we acted as if it has by securing those accounts and alerting those members,” a Spirit Super spokesman told the Mercury.

“It is important to note that this data does not include dates of birth, government identification numbers – such as tax file numbers or driver’s licence details – or tax file numbers or any bank account details.”

While the breach itself was quickly identified on May 19, it wasn’t until a week later, on May 26, that Spirit Super’s investigation uncovered the email containing members’ personal information. It was then that they emailed those members to inform them of what had happened.

Spirit Super has about 325,000 members in total across Australia.

Candyce Viney, one of the Tasmanian members whose personal information was compromised, said she was regularly checking her account balance “to make sure no changes are being made”.

She described the data breach as “a bit concerning”.

“They (are) such a big company that looks after everyone’s super and (it’s worrying) something like this could happen,” she said.

“I’m not sure why a lot of (people’s) information was in this one mailbox.”

Australian Privacy Foundation chair David Vaile said it was likely that those affected by the breach would never know what had been done with their information if it was, indeed, accessed.

“A lot of the information that (was breached) is absolutely ideal raw material for all sorts of … abuses and threats against you, like identity theft, where someone masquerades as you, or ringing up and scamming you,” he said.

robert.inglis@news.com.au

Originally published as Spirit Super: cyber attack at superannuation fund sees 50k Tasmanians’ personal data exposed

Original URL: https://www.heraldsun.com.au/news/tasmania/spirit-super-cyber-attack-at-superannuation-fund-sees-50k-tasmanians-personal-data-exposed/news-story/0f0a57911cf088fcc4fc6a91cdfef125