Cyber incident update

As soon as we detected unusual activity in our corporate systems, we immediately shut down our network and began investigations. We quickly confirmed that our members’ super savings and the Fund’s assets were secure, however we found that some limited data was taken which included personal member information.

We have communicated with members to let you know about the cyber-attack and make you aware of the support available through IDCARE, Equifax and Experian to protect your information. These services are still available to you and if you haven’t already, we encourage you to make contact.

Yes. This incident has not impacted member super savings or the funds’ assets. They have been secure on a separate platform at all times.

On Friday 17 March 2023 we first detected unusual activity within our systems.

We immediately shut down our network and began investigations which revealed we had been the victim of a cyber-attack.

As a result, we launched comprehensive cybersecurity protocols and enhanced network monitoring. These actions contained the incident.

We subsequently began working with cybersecurity experts to determine the cause of the Incident, the extent of the compromise and whether any personal information had been accessed.

Investigations to date, which are ongoing, have revealed that some limited data has been taken from our system during the attack.

Importantly, member super savings and the fund’s assets remain secure on a separate platform. We can confirm that your super savings are secure and have been secure at all times.

We will be issuing further communications to those members whose information has been impacted as soon as possible, which will include details of the types of information impacted.

We cannot disclose this information at this stage. We will be issuing further communications to those of our members whose information has been impacted next week.

The ATO has advised NGS that for a for a small number of our members, the protective measures remain in place, and you will need to call the ATO if you wish to transact with them. If you are unable to access the ATO online please call their Client Identity Support Centre on 1800 467 033, between 8.00am and 6.00pm AEST, Monday to Friday.

Members’ super savings remain safe and have not been impacted by this incident as they are protected in a separate platform.

NGS places a high priority on the security of personal information and is committed to protecting the personal information of our Members.

NGS takes reasonable steps to ensure that your personal information is secure and used and maintains appropriate safeguards to prevent misuse and loss and from unauthorised access, modification or disclosure.

We use administrative, physical and technical safeguards to protect the confidentiality and integrity of personal information and data.

Yes, you can continue to transact on your account via Member Online and if you have questions or need support, you can call the Helpline on 1300 133 177.

We have undertaken all the necessary security measures required and emphasise that our systems are safe and secure.

While your NGS Super account password is still safe to use, it’s a good idea to regularly change your password. You may wish to update your password as a precautionary measure.

There are various measures that we recommend you consider taking to protect your personal information from the risks of identity and credit fraud. These include:

1. be alert to all communications and transactions and stay vigilant to any phishing scams over phone, post or email
2. check your bank account statements for suspicious activity and contact your bank if you see any unusual activity
3. NGS is engaging in the services of IDCARE. Impacted members will be provided further information next week regarding how they can help you
4. obtain a free credit report to identify whether there is any suspicious activity on your bank accounts (for example, Equifax credit reports are available at www.experian.com.au/consumer/order-credit-report)
5. ensure that you have sufficiently complex passwords on your computer systems, your email and your social media accounts
6. ensure that you have up-to-date anti-virus software and any recommended software patches installed on your computer systems
7. visit Scam watch to keep up with current scam trends

This is still under investigation.

To reiterate, this incident has not impacted member super savings or the funds’ assets. They have been secure on a separate platform at all times.

We immediately focused our initial efforts after becoming aware of the incident on making sure that our systems were secure.

The cybercrime environment is becoming increasingly sophisticated, and it is typical that investigations of this kind, which are complex, take a substantial time to complete.

In the interests of protecting its members, NGS has been committed to a thorough investigation that leads to accurate findings. We communicated with you as soon as we understood the impact of the incident on members.

We are communicating with all impacted members and will be providing everyone with the necessary services and support.

Following a comprehensive forensic investigation, we are confident that we know what the source of the attack was and we have taken all necessary steps to restore and update the security of our systems.

Yes, NGS has reported the incident to all relevant regulatory authorities.