Aussie superannuation accounts targeted in mass hack


Members of a major Australian superannuation fund have reportedly lost $500,000 between them after a coordinated attack by hackers.
Others have reported zero balances or being unable to access their accounts.
Hostplus, Rest, AustralianSuper and Australian Retirement Trust are among the providers hit by the attack, which was confirmed on Friday by Australia’s National Cyber Security Coordinator Lieutenant General Michelle McGuinness.
The nation’s biggest fund AustralianSuper said hackers had sought lump sum withdrawals from up to 600 accounts.
Its more than 3.4 million members are struggling to log in amid high call-centre traffic and intermittent outages to online services. But some who have been able to gain access have been warned they will not like what they see.
“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure,” the fund said, assuring members it was a temporary glitch.
“We are working hard to resolve it as quickly as possible,” it said.
Rest said 8000 accounts may have had personal information accessed but no member funds had been transferred.
“We have already contacted impacted members to reinstate their account access and provide next steps and support,” it said.
The Association of Superannuation Funds of Australia revealed “a number of members” had funds stolen. It said they would be contacted by providers.
The attack happened last weekend, and follows rising reports of online security threats in Australia with a cyber crime reported every six minutes.
McGuinness said superannuation and banking firms were working with government agencies to respond to the attack, which had hit several funds.
“I am aware cyber criminals are targeting individual account holders of a number of superannuation funds,” she said.
“I am coordinating engagement across the Australian government, including with the financial system regulators, and with industry stakeholders to provide cyber security advice.”
McGuinness urged anyone who had been affected, or was concerned they had, to follow the advice of their super fund.
The attack followed a spike in “suspicious activity” on AustralianSuper’s website and app, chief member officer Rose Kerlin said.
“This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud,” she said.
“While we took immediate action to lock these accounts and let those members know, there are things members can do right now to protect themselves online.”
Superannuation funds have urged members to check accounts for signs of fraud, ensure banking and contact details are correct, and change their password if it is not unique to their account.
The superannuation industry association also confirmed members’ funds were stolen in last weekend’s attack.
“While the majority of attempts were repelled, unfortunately a number of members were affected,” it said.
“Funds are contacting all affected members to let them know and are helping those whose data has been compromised.”
It is believed that attackers targeted accounts that could deliver lump sum withdrawals.
Government agencies would investigate the cyber attack, Prime Minister Anthony Albanese said, as he warned that online attacks had become common in Australia.
“We will respond in time, we’re considering what has occurred,” Albanese said.
“But bear in mind the context here: There is an attack, a cyber attack in Australia about every six minutes.”
The Australian Signals Directorate Annual Cyber Threat Report in 2024 revealed cyber crime reports had increased 12 per cent, with an average of 100 calls a day to the Australian Cyber Security Hotline.
-with AAP