NGS Super, a superannuation fund in Australia, has confirmed that it was hit by a cyberattack on March 17 that resulted in “some limited data” being stolen. The fund immediately shut down its network and launched several cybersecurity protocols, including enhanced network monitoring, to contain the incident.
The attack did not impact the superannuation savings of NGS Super’s members, which remained secure. NGS Super has not disclosed how many members had data stolen or the type of data that was taken.
NGS Super has described itself as “the leading Industry SuperFund for those in the independent and community sectors” and has an estimated 112,000 members.
The super fund has not said who it believes is responsible for the attack. Members have criticized NGS Super on social media for not advising them of the cyber attack until 10 days after it occurred.
Additionally, a spokeswoman for NGS Super said the reason for the delay was to ensure a thorough investigation was completed. NGS Super has confirmed that no ransom was demanded.
The disclosure of the cyber attack by NGS Super follows a number of cyber security breaches in recent months, including Crown Resorts, Latitude Financial, Rio Tinto, Medibank, and Optus. The super fund is continuing to work with cybersecurity experts, regulators, and stakeholders to limit the impact of the incident and mitigate risk.
Furthermore, NGS Super members are encouraged to contact IDCARE, a not-for-profit organization that assists victims of cyber attacks, for assistance.
NGS Super has apologized for the incident and reassured its members that it takes cyber security and privacy of all personal information seriously.
