Customers who have been impacted by the data breach at Spirit Super are being urged to remain vigilant to scams and unsolicited emails, text messages or phone calls, however the company believes there is minimal threat of identity theft due to the nature of the information accessed by the breach.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
About 50,000 members were affected by the breach, which the company says was a result of human error, after a staff member fell victim to a phishing scam.
Tasmania based Spirit Super is a relatively new superannuation company formed after the merger of MTAA Super and TasPlan. The merger occurred last year and the company rebranded as Spirit Super.
Chief executive Jason Murray said customers affected by the breach should be reassured that the information that was accessed was not enough on its own to be able to access superannuation accounts.
"There were no government identifiers in the data and there is minimal risk of identity theft or fraud as a result of the limited data set involved in the privacy breach," he said.
"It is possible that the information could be used to contact you in an attempt to get you to disclose further information, such as your date of birth. This is why we recommend you remain vigilant."
Spirit Super began contacting members on Saturday to inform them that some of their personal data had been compromised, including names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances.
However, Mr Murray said no evidence of suspicious activity had occurred since the breach and it was likely that the attacker did not know it had access to the data set.
"We have analysed account activity for impacted members specifically looking for unusual activity with nothing identified to date. We continue to monitor all impacted members' accounts in addition to our block on payments to minimise any risk of fraudulent access of funds," he said.
Customers are advised they don't need to change their passwords for their online account as passwords were not included in the compromised data set.
"We would also suggest that you do not share that your personal information may have been compromised online or on social media to reduce your chances of becoming a target for further activity. We encourage members to be aware of any sensitive personal information they may have within their social media profiles that could be publicly available - such as date of birth," Mr Murray said.
He said the company took privacy and the security of information and systems "extremely seriously" and they would continue to work to bolster those.
"Online threats are constantly evolving, and no organisation can completely mitigate these risks. We continue to invest in internal capability, technology, improved internal processes, and staff training to reduce the likelihood and severity of future data breach events.
"In the immediate term, we will be communicating with all staff and providing guidance on enhanced measures when handling sensitive information, and taking extra precautions around multifactor authentication prompts."
If you are concerned about your data contact Spirit Super on 1800 005 166.
Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content:
- Bookmark www.examiner.com.au
- Make sure you are signed up for our breaking and regular headlines newsletters
- Follow us on Twitter: @examineronline
- Follow us on Instagram: @examineronline
- Follow us on Google News: The Examiner