Is your super safe from hackers?

Apr 08, 2025 · 12 min

Episode description

An elderly lady had $400,000 drained from her super account by hackers - but the industry and law enforcement have been flat-footed in response. 

Find out more about The Front podcast here. You can read about this story and more on The Australian's website or on The Australian’s app.

This episode of The Front is presented by Claire Harvey, produced by Kristen Amiet and edited by Lia Tsamoglou.  Our team includes Tiffany Dimmack, Joshua Burton, Stephanie Coombes and Jasper Leak, who also composed our music. 


Transcript

Speaker 1

From The Australian. Here's what's on the front. I'm Claire Harvey. It's Wednesday, April ninth, twenty twenty five. Anthony Albanese and Peter Dutton have faced off in the first debate of this election campaign, a clash that inevitably turned fiery.

Speaker 2

In the twenty fourteen budget, thirty billion dollars was ripped out of public schools. In that budget, fifty billion dollars was ripped out of hospitals. That is not the factually correct statement. It's misleading, it's designed to scare people, and I think it's dishonest from a man who wants to be re-elected as the Prime Minister of our country. In forty years, there has not been a higher spending government than your government. Is that correct?

Speaker 3

Well, that's not true, except for the one that you were a part of.

Speaker 1

The Greens are pitching their campaign at Australia's seven million renters, with leader Adam Bandt at the Press Club on Wednesday to demand capital gains tax breaks and negative gearing be axed and a freeze on rent increases. All the latest from the campaign and our experts' analysis is live now at the Australian dot com dot au. Australian Super has finally called in the police to investigate a hack that saw four hundred and six thousand dollars drained from an elderly customer's superannuation account. But the scandal has revealed huge holes in super funds' ability to keep our money away from criminals, or even to allow us to log into their websites to find out how much money we have left. Today: is our money safe in super?

Towards the end of March, a seventy four year old Queensland woman received some correspondence from her superannuation fund. We'll call her Joan. Australian Super was writing to Joan, it said, to confirm withdrawals made from her account a week earlier. That's odd. Joan hadn't made any withdrawals, much less for one hundred thousand dollars at a time, and it wasn't just one. Joan realized with increasing horror that six withdrawals totaling four hundred and six thousand dollars had been made from her super over the space of a week. When she alerted the super fund to the fraud, she expected a swift response, but for ten agonizing days, it was crickets. The fund failed to raise the incident with the Commonwealth Bank and didn't commit to covering the loss until The Australian's business reporter Cliona O'Dowd started asking questions almost three weeks after the attack began. And Joan's not the only one caught up in this mess.

Speaker 4

Several Australian superannuation funds have been targeted by cyber criminals. It's caused panic and frustration for thousands of members who've been unable to check whether their nest egg has been impacted.

Speaker 1

Jared Lynch is The Australian's Technology editor. The story of Joan and her loss of four hundred and six thousand dollars from her super fund is just staggering. And what does that tell us about the safety of all of our funds?

Speaker 3

It tells us that our safety is expendable and can be cracked within seconds by anyone who's got the will to be able to do that. How they've been able to get in, the hackers, is that they've got a heap of people's usernames. They've either tried to get a heap of passwords from the dark web, from previous breaches, or they have done what's called a brute force attack, which is to keep guessing, scrambling, guessing until you're getting through the door. And because there's no multi-factor authentication, which means you get a notification on your phone or through a third party app to verify yourself, that means that they can walk straight in through the door and do what they like with your account.

Speaker 1

How big is this, Jared, compared to other hacks that we've seen of major companies like, for example, Optus?

Speaker 3

Australian Super would love to compare it to Optus, saying that, well, they had the data of nine and a half million Australians stolen. We've only had a very small problem here. And that of course has been the problem with the super funds, which is why they've been so lax when it comes to cybersecurity. And I'm not saying this. The Australian Securities and Investments Commission is saying this. They said it back in January, saying that your weak online security is exposing your members to scams. Do something about it. And rather than doing something about it, the Association of Super Funds of Australia CEO said, you're raising unnecessary alarm. Super funds are the safest places in Australia to put your money. So nothing happened, and as a result we've now seen this huge cyber attack because they thought, well, it's only a little problem. Well, little problems can turn into big problems. To paraphrase Paul Kelly, from little things, big things grow, and that is indeed what is happening.

Speaker 1

Four super funds were targeted by cyber criminals in the coordinated attack: Australian Super, Australian Retirement Trust, Hostplus and REST, the Retail Employees Superannuation Trust. They manage almost a trillion dollars in retirement savings on behalf of thousands of Australians like Joan, who's one of four Australian Super customers confirmed to have lost money in the hack. Australian Super is still combing through the six hundred accounts that were breached, while other funds scramble to reassure their anxious customers.

Speaker 5

No suspicious transactions or changes have been detected on member accounts.

Speaker 2

We recognize how frustrating this can be and sincerely appreciate your patience. An unusually high spike in login attempts.

Speaker 1

We are experiencing a high volume of calls to our contact center, resulting in a longer than normal wait time. So Jared, now we get to the mystery of why police weren't involved right from the beginning. What are you hearing now from Australian Super about if or when the police were called?

Speaker 3

Well, the good news is that they have contacted me today to say that we have reported it to the AFP. Five days after the hackers struck they decided to call in the coppers, and that was only because probably that we did a front page story saying they hadn't called the AFP, who, of course, are the federal agency tasked with investigating such crimes, because as we all know, they're the ones that were able to track down the Russian hacker that was responsible for the Medibank attack back in late twenty two.

Speaker 5

The AFP is undertaking covert measures and working around the clock with our domestic agencies and our international networks, including Interpol. This is important because we believe those responsible for the breach are in Russia.

Speaker 3

Super funds, a lot of them, not all of them, but a lot of them are regulated by the Australian Prudential Regulatory Authority, and when these sort of hacks happen, APRA do a review and if they have found that your cyber defenses are inadequate or weak, then they can impose pretty harsh penalties, which is what they did with Medibank after their attack, and the same thing can happen here. The problem is we don't know what that is until probably potentially weeks or even months after the event, until the forensic analysis has been done. APRA comes in and does their investigation, and all that is very poor comfort to members who, the reason why they're with an industry super fund to begin with is they're there to profit members, not themselves, and any fines are taken from the members' pot of money. So they're up in arms, saying, well, what point is it to fine the super funds? That's my money that you're taking away, and I've already been hit with this cyber attack, so it's almost like punishing the victims of crime.

Speaker 1

The other big threat to Australian super balances right now is Donald Trump and his Liberation Day tariffs, which are draining money out of all our super balances day to day. That's why hundreds of thousands of Australians are wanting to log on and look at their super balances to see what's going on, to see how much money they've got left. Should the funds have to be able to deal with that kind of volume, Jared? Surely it's not out of the realm of consideration that everybody would want to log on all on the one day to see if their money is still there.

Speaker 3

You're absolutely spot on there. If they're providing a service, they've got to make sure people access it. And when you look at a massive geopolitical event which is causing considerable anxiety, particularly as you approach preservation age where you're about to draw down on that super, naturally you are going to want to check out what your balances are, etc. Also, the closer you are to preservation age, the more vulnerable you are to scams because you're wanting to go in, log in, work out how you're going to manage your money, etc. And that was one of the things ASIC called out, that super trustees had no way of knowing whether someone who was approaching preservation age was being tricked and a victim of a scam. And that was one thing that ASIC called out back in January and which their lobby group said they're being alarmist. There's nothing to see here, more or less.

Speaker 1

Coming up, the super funds say they're the safest place in the world to keep your money. Does that stack up?

Jared, because they have so much of Australians' money under management, super funds are incredibly powerful as forces in our society in terms of what they do or don't invest in, what values they expect companies to uphold if they're going to give them our money. What are we seeing, do you think, in the balance of the way super funds themselves operate and expect others to operate?

Speaker 3

So it's very much do as I say, not as I do. And one of the reasons why we haven't seen this big diversity, equity and inclusion pushback that we've seen happen in the US is because of Australia's super funds. Because they sit on about four trillion dollars worth of savings and use their enormous clout to push their own agenda onto Australia's top companies. That's just a reality. They're sitting on the biggest pot of retirement savings in the country and they're not afraid to flex that financial muscle, but when it comes to their own house, it's an absolute mess. They're saying it is one of the safest places in the country where you can park your money, and that is true, but what we've seen is their corporate governance is wanting. They are a soft target. They're sitting on trillions of dollars worth of retirement savings. That is a huge honeypot for hackers. And if they don't clean up their shop, make sure that they adopt the same level of governance that they demand from the likes of WiseTech and other Australian companies, then our retirement savings are at risk to these sort of data breaches, attacks, you name it. They got to clean up their act.

Speaker 1

Jared Lynch is The Australian's Technology editor. You can read all our reporting on this hack and on the superannuation sector right now at the Australian dot com dot au.

Transcript source: Provided by creator in RSS feed