How secure is your super account?
The past few years have seen significant data breaches from well-known Australian companies both inside and outside of the superannuation sector, exposing a huge amount of consumer personal identity information.
The cyber-attacks on superannuation funds reportedly used a technique called "credential stuffing" where cybercriminals used personal information stolen in previous data breaches (like email addresses and passwords) to attempt to access member accounts.
In the wake of recent cyber-attacks on several large Australian super funds, you might be wondering if there are more step to protect your retirement savings.
Here are some practical steps you can take to help keep your super safe:
- Keep track of your super account: The best defence is regular monitoring. Check your balance periodically, verify employer contributions are coming through, review your insurance cover, examine your annual statement, and ensure your contact details are current.
- Upgrade your passwords to passphrases: Never reuse passwords across different accounts. Instead, create a passphrase, which is a sentence or mix of four or more words that's easy for you to remember but difficult for others to guess. Include a combination of upper and lowercase letters, symbols and numbers, and aim for at least 14 characters.
- Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of protection by requiring two or more verification methods to access your account. This typically combines something you know (password/PIN), something you have (mobile device/security token), or something you are (fingerprint/facial recognition). Check if your super fund offers MFA and enable it if available.
- Protect your devices: Secure all devices you use to access your super account. Use strong passwords or passcodes, set up biometrics where possible, enable auto-lock when not in use, and activate "find your device" services so you can lock or wipe your device if it's stolen.
- Be wary of unsolicited communications: Take your time to verify the identity of anyone contacting you unexpectedly. Don't click links in suspicious emails or texts. Contact your fund directly using the official contact details from their website.
- Report suspicious activity: Alert your super fund immediately if something doesn’t seem right with your account or if you receive suspicious communications.
AcctWeb
Hot Issues
- 2025 Tax Planning Guide Part 2
- From 1 July 2025 ATO Interest is no longer tax deductible
- SME confidence and conditions see uptick over Q1 2025, survey reveals
- Depreciation expert urges property investors to leverage tax depreciation
- Buy a business
- Upskilling and self-education costs
- How secure is your super account?
- Freshwater Resources by Country 2025
- Why Might a Lease Dispute Occur?
- 2025 Tax Planning Guide Part 1
- $20,000 instant asset write-off
- New Bunnings scam warning
- The Largest Empires in the World's History
- All the documents, fact sheets and downloads to do with this year’s 2025-26 Federal Budget
- Winners and Losers - Federal Budget 2025-26
- Building Australia's future and Budget Priorities
- ATO outlines focus areas for SMSF auditor compliance in 2025
- ATO to push non-compliant businesses to monthly GST reporting
- ASIC pledges to continue online scam blitz
- Tax Office puts contractors on notice over misreporting of income
- Tax planning tips for 2024-2025
- What does the proposed changes to HELP loans mean?
- Vacant Residential Land Tax
- The Most Held Currencies in the World | 1850-2024
- Salary sacrifice and your super
- 5 Clauses Tenants Should Look For When Reviewing a Lease
- ASIC continues crackdown on dodgy directors
- Vehicle association calls for stricter definitions with luxury car tax changes
- Government to push ahead with GIC deduction changes
- Exploring compassionate early release of super