Statement on website – Spirit Super, 27 May 2022
Privacy breach
Spirit Super have today contacted members affected by a data incident that has unfortunately resulted in some personal details being compromised. This article outlines what’s happened and what Spirit is doing to support affected members.
Please Note: If you haven’t received an email, SMS or letter from Spirit Super about this incident then you have not been identified as affected by this breach.
What happened?
On 19 May 2022 Spirit Super experienced a data incident where a staff member’s email account was compromised.
We detected the information security breach and contained the account quickly. We have continued to investigate the extent of the breach, and we believe there was unauthorised access to a mailbox containing personal data.
The personal data that may have been compromised is similar to some information provided in an annual statement, including names, addresses, ages (as at 2019 and 2020), email addresses, telephone numbers, member account numbers and member balances (as at 2019 and 2020).
It is important to note that this data DOES NOT include dates of birth, government identification numbers (such as tax file numbers or driver’s license details), or tax file numbers or any bank account details.
The breach was the result of an email phishing activity, rather than a system error, regardless we are taking all reasonable steps to prevent this from happening again.
Please be assured investigations to date indicate that accounts have not been compromised. We have increased the levels of security to ensure our members’ accounts remain safe. Our investigation will continue.
What are we doing?
Spirit Super takes cybersecurity and the protection and privacy of our members’ data extremely seriously. We moved immediately to secure accounts and member data.
We are undertaking a thorough investigation to assess the impact. This includes reviewing account activity and placing enhanced controls on accounts.
We are also notifying all relevant authorities, including the Privacy Commissioner, and will work with them in a transparent manner
We will take immediate precautions to further strengthen our IT security and reduce future risks of cyber incidents
I’m worried, who can I speak to about this?
We understand that members may feel worried about this breach, and how it may affect them personally. Please be assured that our members are our highest priority, and we want you to be aware that we have and will continue to work to assess and contain the situation as our top priority. We deeply regret this incident, and sincerely apologise to members who may have been affected by this data breach.
General inquiries can continue to be made to the Spirit Super contact centre on 1800 005 166. We have extended our contact centre hours and will be open Saturday 28th May between 8 am and 12 pm as well if you wish to speak to someone sooner.
