NGS Super, an industry superannuation fund serving the education and community sectors, said an attacker had stolen “limited data” from its systems.
The fund said it detected and shut down an incident on March 17, but not before the attacker was able to exfiltrate some data.
The stolen data was stored on “internal drives”, according to the fund; why it was stored there is a matter for investigation.
“For our members we know that data was accessed, which for a group of members included their primary identifiers,” NGS Super said.
“We will be directly communicating with any members whose data has been accessed.”
NGS Super said it could not publicly disclose the exact number of customers impacted, nor “details of the types of information impacted.”
It said that members’ super savings and the fund’s assets “remain secure on a separate platform.”
NGS Super said it had taken some time to perform a “comprehensive forensic investigation” following detection of the incident.
“We are confident that we know what the source of the attack was and we have taken all necessary steps to restore and update the security of our systems,” it said.
It defended the delay in publicly disclosing the incident, saying it “immediately focused our initial efforts after becoming aware of the incident on making sure that our systems were secure.”
“The cybercrime environment is becoming increasingly sophisticated, and it is typical that investigations of this kind, which are complex, take a substantial time to complete,” NGS Super said.
“In the interests of protecting its members, NGS has been committed to a thorough investigation that leads to accurate findings.
“We communicated with you as soon as we understood the impact of the incident on members.
“We are continuing to communicate with all impacted members and will be providing everyone with the necessary services and support.”
NGS Super added that it had not seen evidence of stolen data being leaked but that it was continuing to monitor the situation.
