Australian Superfund Phishing Attack, 30 May 2022

50k customers caught up in Tasmanian Spirit Super phishing attack

Data possibly compromised after attacker overcame MFA on email account

Company Statement: Privacy Breach 2022 Updated 30 May 2022
Source: 50k customers caught up in Spirit Super phishing attack | iTnews

Related incidents in Tasmania and the Banking and Finance industry.

As many as 50,000 members of Tasmanian based industry super fund Spirit Super may have had their sensitive personal information compromised after a phishing attack earlier this month.

Spirit Super revealed on Friday that a “data incident where a staff member’s email account was compromised” occurred on May 19. The mailbox contained names, addresses, ages, email addresses, phone numbers, super account numbers and the balances of members from the 2019-20 financial year. No tax file numbers, driver’s licence details or bank account details are said to have been stolen.

Spirit Super said the attacker, who used an email “posing as official correspondence”, was able to overcome multi-factor authentication to compromise the staff members password.

Spirit Super is Australia’s eighth largest industry super fund by number of members, according to the Australian Prudential Regulation Authority.