Data Breach Overview

A potential data breach involving SuperEd, an Australian fintech company specializing in retirement and superannuation technology, has been reported. The leak was posted in September 2025 by a user named unit_pegasus on the cybercrime forum DarkForums.st.

SuperEd is known for providing digital retirement advice solutions to super funds across Australia, including tools for Age Pension support, hybrid financial advice, and income forecasting.

Where Was the Data Found?

The alleged breach was shared on DarkForums.st, a well-known underground forum used for trading and leaking compromised data. The post, authored by @unit_pegasus, does not currently include details on the size or contents of the leaked dataset. However, given SuperEd’s role in the retirement services ecosystem, the exposure could potentially involve:

• Personally identifiable information (PII)

• Financial projections and account data

• System credentials or API keys

• Internal documentation or proprietary technology

A Screenshot of the data can be found below:

Company Data Breach History

There are no previously reported data breaches directly linked to SuperEd.

However, in April 2025, several Australian superannuation funds experienced cyberattacks, including credential theft and unauthorized access to member accounts. These incidents highlight growing risks in the broader superannuation tech sector.

Impact and Risks

If verified, this breach could lead to:

• Identity theft and financial fraud

• Unauthorized access to retirement accounts

• Phishing attacks using personal or financial data

• Reputational damage for SuperEd and its partner funds

• Compromise of proprietary systems used by multiple funds

Recommendations for Users

For SuperEd Clients and Fund Members:

• Change all associated account passwords immediately

• Enable two-factor authentication (2FA)

• Avoid reusing credentials across services

• Monitor retirement accounts and emails for unusual activity

• Be cautious with unsolicited messages requesting personal info

For SuperEd and Partners:

• Initiate a security audit and incident response process

• Reset compromised credentials and rotate API keys

• Notify affected partners and users as required under Australian privacy regulations

• Strengthen monitoring and access controls

What is InsecureWeb?

InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet.

Our commitment lies in providing top-notch cybersecurity services to our clients. Through continuous monitoring of the dark web and advanced threat detection methodologies, we strive to identify potential breaches promptly, enabling swift response and mitigation efforts. With our state-of-the-art tools and expertise, we prioritize the confidentiality, integrity, and availability of our clients’ data.