NGS Super Suffers Major Cyber Attack; 110,000 Members’ Personal Details Potentially Compromised

NGS Super, an Australian superannuation fund holding over AUD 13.4 billion in retirement savings, has fallen victim to a cyber attack on its corporate IT systems. The data breach, which occurred on 17 March 2023, potentially exposed personal data of 110,000 members, raising questions about the fund’s security measures and putting members at risk of targeted scams and identity theft.

In an email sent to their members on 27 March, ten days after the incident, NGS Super urged them to “check your bank account and superannuation statement for any suspicious activity and contact your bank or Fund if you see any unusual activity” and to be cautious of potential phishing scams. This latest security failure follows recent hacks relating to personal details being stolen from Optus, Medibank, and Latitude Financial Services, casting doubt on the security practices of such organisations.

NGS Super belatedly informed their members that they have taken action to mitigate the impact of the breach, emphasising the importance of vigilance.

In response to the attack, NGS Super has engaged IDCARE, a national identity and cyber support community service, to provide expert assistance to affected members at no cost. Members who suspect their information has been misused can complete an online ‘Get Help’ form at www.idcare.org/contact/get-help or call 1800 595 160.

Despite the potential compromise of personal information, NGS Super assured its members that their superannuation savings and the fund’s assets remain secure on a separate platform. As soon as the organisation became aware of the incident, they shut down their network and initiated comprehensive cybersecurity protocols and enhanced network monitoring.

NGS Super stated they are working closely with cybersecurity experts and a specialist cyber law firm to address the situation, ensure compliance with statutory obligations, and prevent future breaches. However, the incident will inevitably shake some of their members’ trust, and questions will be raised about the fund’s ability to safeguard members’ personal information and protect their superannuation savings and assets.

More information can be found at https://www.ngssuper.com.au/articles/news/cyber-incident-update

A good source of information on how affected members can protect themselves from scams is to also review the Australian government website Scamwatch. The following information was released in light of the Optus breach but is also applicable to this similar breach: https://www.scamwatch.gov.au/types-of-scams/recent-scam-activity/optus-data-breach-scams