NGS Super has fallen victim to a cyber incident, with the industry super fund confirming that some of its systems were recently accessed by an attacker for a short period of time.
In a statement published on its website, NGS said that it immediately shut down its network and launched investigations following the incident on Friday, 17 March, and initiated “comprehensive cyber security protocols and enhanced network monitoring”.
“Importantly, member super savings and the fund’s assets remain secure on a separate platform. We can confirm that your super savings are secure and have been secure at all times,” the fund told its members.
“Investigations to date have revealed that some limited data was taken from our system during the attack. We will be issuing further communications to members whose information has been impacted by the incident.”
In a statement to InvestorDaily, NGS confirmed that not all of the fund’s 120,000 members had been affected and said it was communicating with all members to keep them updated while it works with cyber security experts to determine the impact of the attack.
The super fund noted that it had previously taken steps to assess its cyber security risk and tighten controls back in 2022.
“We are continually working with our key service providers to identify areas of risk, to put proactive measures in place, and to ensure our information security processes and controls are of the highest standard,” NGS said.
“This is an area that is constantly moving and we are working hard, with experts in the field, to do everything we can to protect our members’ data.”
Furthermore, NGS stated that it places a high priority on the security of personal information and is committed to protecting the information of members.
“The actions we’ve taken to date and will continue to take have secured our members’ superannuation savings and the fund’s assets,” commented NGS Super acting chief executive officer Natalie Previtera.
“Our ability to respond to potential threats in a timely and efficient manner is at the core of our cyber security framework and allows for immediate action.”
Last year, Spirit Super announced that 50,000 of its member records were compromised in what it described as a broad phishing attack campaign. The records from 2019 and 2020 contained names, addresses, ages, emails, phone numbers, account numbers, and balances.
More recently, Latitude Financial disclosed a “sophisticated and malicious cyber attack” earlier this month, which followed other high-profile attacks on Optus and Medibank last year.
While 328,000 records were initially thought to have been stolen, Latitude reported in an update to the ASX on Monday that approximately 7.9 million Australian and New Zealand driver licence numbers had been stolen, including 3.2 million provided in the last 10 years.
Approximately 53,000 passport numbers were also stolen, as well as 6.1 million records dating back to at least 2005, of which approximately 5.7 million were provided prior to 2013.