AustralianSuper - Days after accounts became inaccessible and still no direct member communication, just unacceptable!
This article addresses AustralianSuper only because I do not know how or whether other super funds are communicating directly (or not) with their members after a highly publicised cyber breach on Friday, 4 April 2025.
It is simply unacceptable that members who are unable to log onto their accounts online or contact a human at AustralianSuper are faced with three or four lines of dialogue on the website which give dubious comfort: "Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure."
What should have been said, clearly, is "no members have suffered losses" or "some members have suffered losses amounting to $X but these will be fully compensated" or, if that is not the case, what the rules are around reimbursement. It is what is not said at these times and the absence of communication that is most worrying.
All large commercial organisations run crisis management drills - AustralianSuper should have been prepared for this type of event and should have known what communication with members is the bare minimum to maintain trust and integrity, even in a situation where not all information is currently available.
At the time of writing I am able, after two days, to open my account and see my balance. However, and I presume this applies to all other members, I have not received any direct communication from AustralianSuper. All I "know" is from media reports, and they currently suggest that an unknown number of members have lost about A$500,000 in savings, that AustralianSuper is reportedly assisting authorities to recover the money, and that it has not yet confirmed if any remediation will occur.
Currently, AustralianSuper gets a Failed Grade for communication, and whether it gets a failed grade in other areas, such as security, only time and more information will tell. It is not acceptable if any later communication says they were unable to communicate because matters involved the police - that is just pure "fairy land". Not even a public comment from the CEO - not an important enough issue?
As we have said elsewhere, AustralianSuper has become "accident prone" - and it may be time for members to push for significant managerial change. Meanwhile, members should be supportive of significant upgrades to security, including multi-factor authentication on all interactions.
POSTSCRIPT: I received a "Member Update" email from the CEO of AustralianSuper, Paul Schroder, at around 4:30PM EST, Friday, April 11 regarding the "cyber fraud crime". The email contained few additional details, except to confirm that about 600 member funds remain locked and that money was stolen from 10 accounts, with those members having been reimbursed.
Sending out communications late on a Friday is a well-worn technique, referred to as the "Friday news dump", to avoid media scrutiny, and consequently I hope this was not the intention. This breach, together with breaches at other funds such as ART, Hostplus and REST, should be the subject of a review by APRA - and this may provide us with more information about how the breaches were carried out and about security shortcomings.