Cyber incident update04 Jul 2023 3 min read
On 17 March 2023 NGS Super suffered a cyber-attack. We responded by immediately shutting down our network, undertaking investigations and launching comprehensive cybersecurity protocols and enhanced network monitoring.
Importantly, your super savings and the fund’s assets were always secure.
ATO Protective Measures
In response to the attack, the Australian Tax Office (ATO) applied broad protective measures, including restricting access to ATO online services for all NGS members, irrespective of whether your TFN was impacted in the attack. We understand that this been inconvenient, but the decision was made by the ATO to protect personal information.
The ATO has advised that from 3 July 2023, the protective measures have been lifted for the majority of NGS members. Most members should now be able to access the ATO’s online services and transact without having to call the ATO to lift the protective measures.
For a small number of members, the protective measures remain in place, and you will still need to call the ATO if you wish to transact with them. If you are unable to access the ATO’s online services please call their Client Identity Support Centre on 1800 467 033, between 8.00am and 6.00pm AEST, Monday to Friday.
What other help available to me?
NGS has engaged IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you if you think your information may have been misused. IDCARE’s services are at no cost to our members. If you wish to speak with one of their expert Case Managers, please complete an online ‘Get Help’ form at www.idcare.org/contact/get-help, or call 1800 595 160 (Monday to Friday 8am – 5pm AEST excluding public holidays).
Please use the referral code NGS23. You can also access credit reports through Equifax and Experian to protect your information. If you need help or have questions, please call our Helpline on 1300 133 177. The Helpline is available Monday to Friday, 8am-8pm (AEST/AEDT).
Find some frequently asked questions below
What does this mean for members?
As soon as we detected unusual activity in our corporate systems, we immediately shut down our network and began investigations. We quickly confirmed that our members’ super savings and the Fund’s assets were secure, however we found that some limited data was taken which included personal member information.
We have communicated with members to let you know about the cyber-attack and make you aware of the support available through IDCARE, Equifax and Experian to protect your information. These services are still available to you and if you haven’t already, we encourage you to make contact.
Is my super safe?
Yes. This incident has not impacted member super savings or the funds’ assets. They have been secure on a separate platform at all times.
Can you provide more information about what has happened?
On Friday 17 March 2023 we first detected unusual activity within our systems.
We immediately shut down our network and began investigations which revealed we had been the victim of a cyber-attack.
As a result, we launched comprehensive cybersecurity protocols and enhanced network monitoring. These actions contained the incident.
We subsequently began working with cybersecurity experts to determine the cause of the Incident, the extent of the compromise and whether any personal information had been accessed.
Investigations to date, which are ongoing, have revealed that some limited data has been taken from our system during the attack.
Importantly, member super savings and the fund’s assets remain secure on a separate platform. We can confirm that your super savings are secure and have been secure at all times.
Can you tell me if my information has been impacted?
We will be issuing further communications to those members whose information has been impacted as soon as possible, which will include details of the types of information impacted.
How many members have been impacted?
We cannot disclose this information at this stage. We will be issuing further communications to those of our members whose information has been impacted next week.
I still can’t access the ATO online. What should I do?
The ATO has advised NGS that for a for a small number of our members, the protective measures remain in place, and you will need to call the ATO if you wish to transact with them. If you are unable to access the ATO online please call their Client Identity Support Centre on 1800 467 033, between 8.00am and 6.00pm AEST, Monday to Friday.
Where are my funds housed?
Members’ super savings remain safe and have not been impacted by this incident as they are protected in a separate platform.
What do you do to protect my funds?
NGS places a high priority on the security of personal information and is committed to protecting the personal information of our Members.
NGS takes reasonable steps to ensure that your personal information is secure and used and maintains appropriate safeguards to prevent misuse and loss and from unauthorised access, modification or disclosure.
We use administrative, physical and technical safeguards to protect the confidentiality and integrity of personal information and data.
Can I transact on my account?
Yes, you can continue to transact on your account via Member Online and if you have questions or need support, you can call the Helpline on 1300 133 177.
Do I need to do anything, like change passwords?
We have undertaken all the necessary security measures required and emphasise that our systems are safe and secure.
While your NGS Super account password is still safe to use, it’s a good idea to regularly change your password. You may wish to update your password as a precautionary measure.
What should I do to protect my data?
There are various measures that we recommend you consider taking to protect your personal information from the risks of identity and credit fraud. These include:
- be alert to all communications and transactions and stay vigilant to any phishing scams over phone, post or email
- check your bank account statements for suspicious activity and contact your bank if you see any unusual activity
- NGS is engaging in the services of IDCARE. Impacted members will be provided further information next week regarding how they can help you
- obtain a free credit report to identify whether there is any suspicious activity on your bank accounts (for example, Equifax credit reports are available at www.experian.com.au/consumer/order-credit-report)
- ensure that you have sufficiently complex passwords on your computer systems, your email and your social media accounts
- ensure that you have up-to-date anti-virus software and any recommended software patches installed on your computer systems
- visit Scam watch to keep up with current scam trends
Why was there sensitive information on internal drives?
This is still under investigation.
To reiterate, this incident has not impacted member super savings or the funds’ assets. They have been secure on a separate platform at all times.
Why did you wait so long to notify me?
We immediately focused our initial efforts after becoming aware of the incident on making sure that our systems were secure.
The cybercrime environment is becoming increasingly sophisticated, and it is typical that investigations of this kind, which are complex, take a substantial time to complete.
In the interests of protecting its members, NGS has been committed to a thorough investigation that leads to accurate findings. We communicated with you as soon as we understood the impact of the incident on members.
We are communicating with all impacted members and will be providing everyone with the necessary services and support.
Do you know what the source of the attack was?
Following a comprehensive forensic investigation, we are confident that we know what the source of the attack was and we have taken all necessary steps to restore and update the security of our systems.
Have the authorities been notified?
Yes, NGS has reported the incident to all relevant regulatory authorities.
All media enquiries should go to Libby Woolnough from WE Communications, 0421 004 044 or [email protected].
This article last updated on 4 July 2023.