Important information – third‑party provider cyber security incident
17 October 2023Super SA is aware of a specific cohort of 14,011 members who may have been impacted by a cyber security incident involving a former third-party service provider to Super SA, and other South Australian government agencies.
We can assure you that the security of member funds and our core operations have not been impacted.
The third-party provider was a call centre that had been contracted by Super SA to field inquiries from members affected by a separate 2019 breach. None of the data held by the third-party provider contains information post 2020.
Depending on available contact information, impacted members would have received an email or will receive a letter in the post shortly. If you have not received either an email or a letter, you were not impacted.
We are taking an abundance of caution to secure member accounts in the acknowledgment that the data has been breached. At this stage it is still our understanding that the Super SA data has not been accessed however, we continue to monitor the situation.
Your data is very important to us.
As soon as Super SA was made aware of the possible cyber incident involving the third-party entity and a possible data breach, we added additional security measures to the affected member accounts, whilst other government agencies awaited the decryption of their data.
Super SA has many safeguards in place to protect your personal information, from your contact details to your account balance. We actively monitor for signs of suspicious activity as part of our ongoing compliance obligations and to date, there is no indication of suspicious activity. However, since we were made aware of the threat by the external provider, we have also heightened our ID theft monitoring and controls for those who may be impacted.
Steps you can take:
- Remain alert to increased scam activity, especially email and SMS or telephone phishing scams (i.e. fraudulent communications disguised as if to look like they come from an organisation you trust).
- Do not click on any suspicious attachments or provide your passwords or any personal information. Always refuse any unprompted request from an individual to access your computer even if they say they are from a credible organisation.
- Enable multi-factor authentication for your accounts where possible.
If you’re concerned your ID may already be compromised:
- If you need further assistance Super SA are making available to you the services of IDCARE, Australia’s national identity and cyber support community service. Super SA has partnered with IDCARE specifically for the purpose of providing impacted individuals with tailored and specific advice, beyond the general advice that is ordinarily available to members of the public. Complete an online Get Help form on the IDCARE website or call 1800 595 160. Note IDCARE specialist Case Managers are available from 9:00am to 6:00pm AEDT Monday to Friday excluding public holidays. When engaging IDCARE please use the referral code provided on the communications we sent to you advising of the incident.
- Get in contact with us as soon as possible to add further monitoring to your account.
If you have questions and would like to speak to someone at Super SA, we have set up a dedicated phone line on 08 8214 7800, our friendly Contact Centre is available Monday to Friday, from 9:30am to 5:00pm or send an email to supersa@sa.gov.au.