As many as 50,000 members of Tasmanian-based industry super fund Spirit Super may have had their sensitive personal information compromised.
The data breach occurred on 19 May when a Spirit Super staff member's email account was caught up in a broad phishing attack campaign.
The personal data that may have been comprised includes names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances.
In a statement Spirit Super said that it detected the information security breach and contained the account quickly - “… it was human error during a malicious email attack posing as official correspondence. This was not the result of a material security control weakness or technology failure. The malicious email resulted in a staff member's password being compromised.”
According to the Australian Prudential Regulation Authority. Spirit Super is Australia's eighth largest industry super fund by number of members.
Spirit Super was created last year by the merger of MTAA Super and Tasplan.
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.