7 April 2025
You may have seen recent news of a series of coordinated cyberattacks affecting the members of several major Australian superannuation funds.
Please be assured that Child Care Super has not currently been impacted by the current cyberattacks.
We have been monitoring (and are continuing to monitor) the situation carefully and are committed to keeping our members updated and protected.
Here’s what happened and what you need to do.
What happened
Last week, several major super funds were targeted in coordinated cyberattacks where attackers used passwords previously involved in unrelated data breaches to fraudulently access members’ accounts and make a limited number of withdrawals. When passwords are reused across different logins, they are much easier for hackers to access.
As a result of these cyberattacks, most super funds are currently seeing a high volume of calls and logins from concerned members.
Our members have not been impacted by these cyber-attacks to date.
However, the issue highlights the ongoing need to use multi-factor-authentication (MFA) and strong passwords in all your online accounts that handle financial transactions.
How we protect your account
Your account is protected by:
Cyber protection
We use authentication technology to monitor login patterns and flag any unusual activity in our members’ accounts. This advanced technology uses multiple layers of verification, analyses requests to change passwords or bank details, and blocks suspicious login attempts to continuously monitor and protect your account.
Secure login
We use two-factor-authorisation during login to protect your accounts. When combined with a strong and unique password, this is the best protection against unauthorised logins.
What you need to do
We strongly encourage you to review your login security and ensure that you:
Use a strong, unique password
The accounts affected by these attacks were targeted mainly through credential stuffing - a type of cyberattack where hackers use previously stolen usernames and passwords from unrelated data breaches to attempt to log in to other platforms.
In other words, the same password has been used for something else. Please ensure you use a unique and strong password that you’ve never used anywhere else.
There are various third-party apps that can help you store and retrieve strong unique passwords, often with biometric protection. You can find advice about this at the Australian Signals Directorate.
Remain alert
With scammers currently active, please be on the lookout for fraudulent emails or messages. To help you check that communication is genuine, please follow this advice to keep your account safe from phishing emails or texts.
Check the sender's email address - Look for misspellings, unusual domains, or anything that seems out of place.
Do not click on links in suspicious emails (go directly to the website in your browser or app)
We will never ask for your password or pin number via email or unsolicited communication.
If you need to contact us, do not use contact details provided in suspicious communications. Always obtain contact information directly from our official website or app
Exercise extreme caution with email attachments. Do not open attachments if you have any doubts about their legitimacy.
If something seems suspicious, it likely is. When in doubt, contact us via a trusted method.
If you are concerned
If you are concerned about any unusual activity on your account or have any questions, please contact us on 1800 060 215 or at info@childcaresuper.com.au