© 2012 FSS Trustee Corporation ABN 11 118 202 672, AFSL 293340, the trustee of the First State Superannuation Scheme ABN 53 226 460 365. Please click on the links on the right hand side to the general advice warning and conditions of use for this website.
Send to a Friend
Security of member information update
There has recently been some media coverage about unauthorised access to our members’ online benefit statements. The statements were in PDF format and were viewed by the person responsible but he did not gain direct access to other account details nor did he conduct any transactions.
Only 568 member statements were viewed out of a total membership of some 770,000. The members whose statements were viewed have been notified.
The fault in our security was also rectified immediately, and a comprehensive IT security review is now underway.
The unauthorised access occurred in late September 2011 and was carried out by a member of First State Super, who is the principal consultant with an IT security firm. While he immediately contacted us and disclosed his actions, claiming that his objective was to highlight a security weakness, not to commit fraud, his actions were nevertheless a serious breach of privacy legislation and First State Super was obliged to report the matter in accordance with the recommendations of the Privacy Commissioner.
The unauthorised access had already been flagged as an unusual activity by the system and was under investigation by our IT system manager, Pillar, prior to the member calling First State Super. Following a review of all system activity reports back to inception of the website, Pillar has confirmed that this is the first time such an incident has occurred.
On legal advice First State Super also reported the incident to the NSW Police so we could ensure that any unauthorised copies of the member statements involved were destroyed. We have no doubt that First State Super members would expect such certainty in relation to the privacy of their information.
First State Super appreciates that the actions of the person involved has allowed us to address an undetected weakness in our online security. Subject to his compliance and cooperation in ensuring that the unauthorised statements he downloaded have been destroyed, we have no intention of taking any other action against him.