Spirit Super Privacy Breach

**Al Bundy** · 31-05-22, 01:31 PM

50,000 plus, before I rant I will declare that I am one of those whose details have been stolen.

Breach occurred on 19 May, I was informed on 28 May and somehow Spirit Super thinks this is adequate, I certainly don't.

With the money they take from me every year I would expect far better security than the ability for someone just to be Phished to have 50,000 sets of details stolen.

It is important to note that this data DOES NOT include dates of birth, government identification numbers (such as tax file numbers or driver's license details), or any bank account details.

I actually don't believe the above for a minute, pure spin to stop a panic, I guess only a full investigation by the Privacy Commissioner will bear out the true damage, if it happens that is, the problem is of course Spirit Super will be investigating themselves, no guesses as to the outcome from their side.

Spirit Super employs multifactor authentication (MFA) in addition to a username and password to access our systems. Unfortunately, this additional layer of protection was overcome by the attacker and the mailbox was accessed. Phishing attacks such as this are becoming increasingly sophisticated and common.

Okay, how was this able to occur?

We have no evidence to suggest your information and the broader set of member data has been intentionally accessed. All we know is that the email account was compromised, and within that mailbox this data was available. The attacker may not be aware of the data set. Because of this, we recommend limiting any activity that might draw attention to your details being included in the data set, such as posting on social media.

I will ask the obvious, Do they have any evidence to suggest that our information hasn't been deliberately accessed? So it was all purely accidental, and the Phishing was just a big mistake? What a joke.

So I don't know how many else on here have received the same email, I will be walking ASAP.

Rant over.

**enf** · 31-05-22, 02:20 PM

If all the stuff they said was actually safe, what details did the phishermen get that would warrant suh a letter and delay?

I would walk too, but without any fuss.....roadblocks in superannuation can be quick and large. Like insurance.

**Al Bundy** · 31-05-22, 06:04 PM

Originally Posted by enf

If all the stuff they said was actually safe, what details did the phishermen get that would warrant suh a letter and delay?

I would walk too, but without any fuss.....roadblocks in superannuation can be quick and large. Like insurance.

Yep, already heading out the door