Superannuation hack a “wake-up call” to make funds as safe as a bank

“It could be from Medibank, it could be from Optus, it could be from Latitude. It could be from all the other violations you have not heard of.”
“Paccano (the data) … and they play it against other websites. In this case, they looked for the superannuation companies for a good reason because they have money and are less defended than a bank.”
But he said super funds had a responsibility to protect the trillions of dollars of Australian earnings they managed, and called on the funds to increase their IT security.
“They have to think about themselves in the same way as banks,” MacGibbon said.
“The banks have implemented more security, and it is time for regulators to make sure that the superannuation companies are doing the same thing.”
MacGibbon said he was not aware of what security measures super funds had in place, but strong multifactor authentication could help.
The former eSafety commissioner said a common multifactor authentication method, in which a “safe” code is sent to an account holder via text message, would be useless if the hackers could use a stolen password to access the superannuation account and change the registered mobile number.
App-based multifactor authentication is considered less vulnerable to attacks than safe codes sent by text message. Credit: Action
He said that when the hackers then transferred the funds, they, not the account holder, would receive the multifactor authentication text message. Multifactor authentication through an app was safer because everything happened inside a phone.
MacGibbon said the super fund hackers, who took about $500,000 from four Australian customers, would probably transfer the stolen funds to smaller banks that allowed transfers to cryptocurrency exchanges, making the money almost impossible to trace.
He said the funds should also step up anti-theft technologies that detect abnormal behavior, for example if the account of a regular contributor suddenly had its phone number and address changed and a request was then made for money to be paid out.
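The abnormal-behaviour check described above can be expressed as a simple rule over account events. This is an added example, not part of the original article; the event names, member IDs, the 72-hour window and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): (timestamp, member_id, event, detail)
EVENTS = [
    ("2025-04-01T09:00:00", "M1001", "login", "new_device"),
    ("2025-04-01T09:03:00", "M1001", "phone_change", ""),
    ("2025-04-01T09:05:00", "M1001", "address_change", ""),
    ("2025-04-01T09:20:00", "M1001", "withdrawal_request", "40000"),
    ("2025-04-02T10:00:00", "M2002", "login", "known_device"),
    ("2025-04-02T10:05:00", "M2002", "withdrawal_request", "1500"),
    ("2025-03-01T08:00:00", "M3003", "phone_change", ""),
    ("2025-04-03T08:00:00", "M3003", "withdrawal_request", "2000"),
]

CONTACT_EVENTS = {"phone_change", "address_change"}  # hypothetical event names
WINDOW = timedelta(hours=72)                         # assumed review window


def flag_withdrawals(events, window=WINDOW):
    """Return withdrawal requests made within `window` of a contact-detail change."""
    changes = {}  # member_id -> [(time, event)]
    alerts = []
    for ts, member, event, detail in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if event in CONTACT_EVENTS:
            changes.setdefault(member, []).append((when, event))
        elif event == "withdrawal_request":
            recent = sorted({e for t, e in changes.get(member, []) if when - t <= window})
            if recent:
                alerts.append({
                    "member": member,
                    "time": ts,
                    "amount": int(detail),
                    "changed": recent,
                    # A new phone number means SMS codes now reach whoever changed
                    # it, so the payment should wait for out-of-band verification.
                    "hold_for_verification": "phone_change" in recent,
                })
    return alerts


if __name__ == "__main__":
    for alert in flag_withdrawals(EVENTS):
        print(alert)
```

Only the first member is flagged: the second made no contact changes, and the third changed their phone number more than a month before the withdrawal.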
MacGibbon said a lack of communication from super funds after the breaches had caused panic and confusion for members, and that prioritising transparency and immediately refunding any stolen money would increase consumer trust.
“Many people have tried to access their accounts, and obviously the organizations could not cope with that traffic volume. People saw zero balances or were unable to get in, which is problematic. They must communicate.”
He said the attack was a sustained, large-scale attempt, but it had not been a disaster.
“This is what I call an alarm bell,” he said. “But (the hackers) did not go away as bandits. They didn’t go away with millions of dollars … because there is a little safety in place.
“For people who have had their superannuation stolen, it is not a small crime, of course, but they will get their money back … there is no superannuation company in Australia that would run the risk of saying: ‘No, we are not responsible for that’. They would be playing with fire and I will be first in the queue to condemn them.”
A spokesman for the Australian Prudential Regulation Authority said on Friday that all superannuation members concerned they had lost money should contact their fund.
“In general, all super funds hold reserve funds, including the financial reserve at operational risk, which could be used to support members in such circumstances,” said the spokesperson. “Funds can also rely on other sources such as insurance coverage.”
Jonathan Steffanoni, CEO of Melbourne-based firm Legal & Prudential, said the “general context” was that the funds and the superannuation members were “both victims of a crime”.
He said it appeared there had been a data breach under Commonwealth privacy law, for which members could seek compensation through the Office of the Australian Information Commissioner. But there were limits on the compensation that could be paid.
“That compensation channel is not designed to manage fraud instances,” said Steffanoni.
He said members whose funds had been stolen could also seek compensation through a complaint to the trustee of their fund or to the Australian Financial Complaints Authority.
However, Steffanoni believed that it was “very likely that the trustee and the members involved here came proactively to a sort of settlement”. This would avoid an expensive court process and potentially also AFCA.
He said questions could arise as to whether members had “contributed to a certain extent” to their loss by reusing passwords or not using two-factor authentication where available.
But in this case, there was still limited public information on exactly what had happened, Steffanoni said.
A spokesman for Rest, one of the super funds targeted, on Saturday reassured the members who had left their accounts.
“The safety of our members is our number one priority,” said the spokesperson.
Rest confirmed it had experienced problems with its member portal and online app due to a large number of customer enquiries, and that its call centre was also dealing with high call volumes.
“We apologize for the inconvenience and appreciate the patience of our members,” they said.
Australian Retirement Trust, AustralianSuper, Hostplus and Insignia Financial declined to provide an update on Saturday.
With Ashleigh McMillan