NewsBite

Hold industry funds to account

Anthony Albanese’s laconic comment that cyber attacks happen “all the time” was cold comfort for industry super fund customers who have lost money to criminal hackers. The cyber criminals’ co-ordinated hits were made on some of the country’s biggest industry funds including AustralianSuper, Australian Retirement Trust, Hostplus and Rest. Together, the funds manage almost $1 trillion of retirement savings on behalf of millions of Australians. And they must be held to the same standards as major commercial corporations. The government was also subdued when the Cbus fund’s board was under the microscope last year over serious governance shortfalls. The disgraced CFMEU was a Cbus founder.

In September 2022, in contrast, then home affairs minister Clare O’Neil was far feistier about the Optus hacking crisis when the telco lost 9.8 million customers’ records in a security breach, which was also a serious matter. A purported hacker published samples of alleged Optus customer data and demanded $US1m in cryptocurrency to prevent the information being released publicly. The government branded the incident a major corporate failure and an urgent warning sign that tougher penalties were needed to protect customers’ data.

The hacking of the four major super funds and the stealing of members’ savings show that Big Super’s “penny-pinching on technology investment is now hitting hard”, wealth editor James Kirby writes. And experts have raised concerns about the level of security protecting Australia’s $4.2 trillion superannuation industry. It needs to be brought up to world’s best practice standards. The hackers gained access to the members’ accounts by using stolen usernames and passwords – some taken in previous cyber attacks – that were reportedly circulating on the dark web.

As Jared Lynch and Cliona O’Dowd report on Monday, AustralianSuper does not protect users’ accounts with multi-factor authentication. MFA is a security measure that requires two or more forms of proof of identity before granting access to accounts and valuable information. Experts believe companies that have adopted MFA are better able to defend against cyber attacks.

The fund is reportedly at risk of steep penalties from the Australian Prudential Regulation Authority, along with other funds caught up in the heist.

Four AustralianSuper customers lost $500,000 during the attack, although the fund assured customers who were seeing a “$0 balance” that their accounts were secure. They deserve every possible protection. While hackers deserve to face the full force of the law, prevention of cyber theft is essential.


Original URL: https://www.theaustralian.com.au/commentary/editorials/hold-industry-funds-to-account/news-story/4443ba0f4fef013671aaa025748217a6