HWL Ebsworth
Cyber Security Incident 

Yes, Hostplus’ own systems have not been impacted by this incident and member accounts remain safe and secure. 

Hostplus have also worked to secure your personal and financial information in a variety of ways.  

We have specific preventative and monitoring controls in place, including:  

• additional identification verification points through our customer-facing teams 
• enhanced security monitoring
• engagement with law enforcement and regulators wherever needed. 

Hostplus also safeguards your information using multi-factor authentication.

When accessing your account online, you must enter a one-time PIN. You'll need this one-time PIN to log in to your Member Online, Pension Online and your account via the Hostplus app, or phone. 

Multi-factor authentication is effective in protecting against unauthorised access to your information and accounts. 

Further information on this important security feature can be found here. 

There are steps you can take to make your account even more secure and for peace of mind. These include  keeping your contact details with us up to date so we can get in touch with you quickly if we suspect any unusual activity on your account. 

We also recommend you:  

• Always keep your security codes, PINs and passwords private. 
• Do not provide remote access to your computer or device to unknown parties who may use this access to try to steal your information. 
• Remain alert to increased scam activity, especially email and SMS or telephone phishing scams (ie fraudulent communications disguised as if to look like they come from an organisation you trust, including Hostplus).
• Be on the lookout for emails and texts that you're not expecting. Hover over a link to check for misspelt web domain names and unusual sender email addresses. They can contain links that can damage your security. 
• Consider using a long, unpredictable and unique passphrase instead of passwords and enable multi-factor authentication on other online accounts where possible. Australian Cyber Security Centre guidelines can be found here. 
• Enable up-to-date anti-virus or similar security protections on any device you use to access your online accounts.  
• Stay up to date with what is happening with your Hostplus account. You can do this by downloading the Hostplus mobile app and enabling mobile app and email notifications. Read all correspondence from Hostplus, including notification alerts and your annual statement. 

HWLE has partnered with IDCARE, Australia’s national identity and cyber support community service, specifically for the purpose of providing impacted individuals with tailored and specific advice, beyond the general advice that is ordinarily available to members of the public. 

IDCARE have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think you information may have been misused.  IDCARE’s services are at no cost to you. 

If you wish to speak with one of IDCARE's expert Case Managers please complete an online Get Help form at idcare.org or call 1800 595 160. 
Note IDCARE specialist Case Managers are available from 9am-6pm AEDT Monday to Friday excluding public holidays.  

When engaging IDCARE please use the referral code HWLEBS23.

If you have any questions about the incident, you can contact HWLE directly at hwlecyberhelp@hwle.com.au 

If you have any questions relating to your Hostplus member account, contact us on 1300 348 546 and quote your member number. 

Further information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at the following government agency websites:

• oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/
• cyber.gov.au/threats 
• scamwatch.gov.au/

If the member has not received contact from HWLE, it is unlikely that they have been affected. 

The HWLE data breach only impacted a small number of Hostplus members.