Select Page

Incident: 50k customers caught up in Tasmanian Spirit Super phishing attack | iTnews

Incident: 50k customers caught up in Tasmanian Spirit Super phishing attack | iTnews

Australian Superfund Phishing Attack, 30 May 2022

50k customers caught up in Tasmanian Spirit Super phishing attack

Data possibly compromised after attacker overcame MFA on email account

Company Statement: Privacy Breach 2022 Updated 30 May 2022
Source: 50k customers caught up in Spirit Super phishing attack | iTnews

Related incidents in Tasmania and the Banking and Finance industry.

As many as 50,000 members of Tasmanian based industry super fund Spirit Super may have had their sensitive personal information compromised after a phishing attack earlier this month.

Spirit Super revealed on Friday that a “data incident where a staff member’s email account was compromised” occurred on May 19. The mailbox contained names, addresses, ages, email addresses, phone numbers, super account numbers and the balances of members from the 2019-20 financial year. No tax file numbers, driver’s licence details or bank account details are said to have been stolen.

Spirit Super said the attacker, who used an email “posing as official correspondence”, was able to overcome multi-factor authentication to compromise the staff members password.

Spirit Super is Australia’s eighth largest industry super fund by number of members, according to the Australian Prudential Regulation Authority.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This