An industry super fund is the latest victim of a cyber-attack, admitting sensitive customer data has been accessed by outside parties.
NGS Super is the latest company to suffer from the actions of hackers – but says no super savings were accessed.
“On Friday 17 March 2023 we discovered that a cyber-attacker had gained access to some of our systems for a short period of time,” the company said in a statement.
“We immediately shut down our network and began investigations. We also launched comprehensive cybersecurity protocols and enhanced network monitoring.”
It confirmed member savings are held within a separate system which is unaffected.
“Importantly, member super savings and the fund’s assets remain secure on a separate platform. We can confirm that your super savings are secure and have been secure at all times.”
NGS has not publicly clarified what private information has been accessed, or how many members are affected, but says it will be issuing further communication to those affected members as soon as possible.
Despite the security breach, NGS reiterated its commitment to protecting private member information.
“We would like to emphasise that NGS takes cyber security and privacy of all personal information seriously,” the company says.
“We sincerely apologise this has happened. You can be assured we remain highly alert and continue to monitor our systems for signs of any suspicious activity.”
NGS has engaged Australia’s identity and cyber support service IDCARE to help affected members by providing expert case managers to work through any issues that arise.
Despite NGS’s reassurances, it is recommending that members take extra precautions to protect their security, including checking their bank account and superannuation statement for any suspicious activity as well as using complex passwords on their computer systems, email and social media accounts.
The breach comes after the Australian Prudential Regulation Authority (APRA) warned super funds in February that a cyber-attack was virtually inevitable.
Dr Katrina Ellis, APRA general manager of superannuation, told a super conference in Brisbane that the watchdog was “actively assessing control weaknesses” in funds, and that nine funds had already been through this process.
It’s not clear whether NGS was part of that APRA security assessment.
If you’re an NGS member and believe you may have been affected, contact either NGS directly or the IDCARE service on 1800 595 160.
Is your super with NGS? Have you suffered a data breach before? Let us know how you handled it in the comments section below.
Also read: How safe is your data with a budgeting app?