UniSuper members regain access to accounts


UniSuper has commenced the restoration of its services following a week in which some members were unable to access their accounts.

The Australian Prudential Regulation Authority (APRA) also confirmed that it is monitoring the situation which arose when the fund's private cloud was inadvertently deleted.

In a brief statement to Money sister publication, Financial Standard, on Thursday, APRA confirmed that it was "aware of the system outage affecting services and is continuing to monitor the situation."


It also cited a speech delivered by Therese McCarthy Hockey in August of last year on the regulator's expectations in relation to Prudential Standard CPS 230 Operational Risk Management, which all APRA-regulated entities must comply with from 1 July 2025.

"Perhaps the most significant change introduced by our new standard is the requirement for an end-to-end view of operational risk, with a focus on critical operations, including those performed by third and fourth parties.

"APRA-regulated entities will no longer need to simply be aware of their own internal operational vulnerabilities and have plans to mitigate them. From 1 July 2025, they must have the same level of understanding of their most critical third-party service providers - as well as their most critical fourth-party service providers.

"An insurer may not be directly responsible for its website going offline when a network gateway fails, but it will be responsible for the outcome - which is the inability of customers to lodge claims or access other services."

Meanwhile, the Australian Securities and Investments Commission (ASIC) noted that the matter "predominantly concerns APRA," but offered a general comment on member services failures from a spokesperson.

"Member services failures are an enforcement priority for ASIC, we expect trustees to communicate proactively with members, deal responsibly with members' money, and deliver good value for money. This is regardless of the phase of membership of the member.

"Through our surveillance and enforcement work over recent years it has become increasingly clear that in many cases member services provided by superannuation funds are falling short of these expectations. In particular, we have observed that services are too often slow, unresponsive, and not member focused."

The latest update provided by UniSuper on Thursday confirmed that members were able to login to their accounts once again.

Account balances were also being displayed as of the current date, though UniSuper stated that they wouldn't reflect any transactions that hadn't yet been processed as a result of the outage.

Peter Chun, UniSuper's chief executive, stated that the fund was making every effort to get its systems back online as quickly as possible without compromising safety or security.

"We are conducting rigorous systems testing to ensure that once services are online, they will be stable."

In a joint statement, Chun and Google Cloud chief executive Thomas Kurian said Google Cloud has now confirmed the outage is the result of "an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper's private cloud services ultimately resulted in the deletion of UniSuper's private cloud subscription."

Google Cloud described the situation as a 'one-of-a-kind occurrence' and said it has never previously happened with any of its clients globally.

As for why the outage, which has been ongoing for more than ten days now, has lasted so long, they explained that UniSuper had duplication in two geographies to guard against outages and loss.

"However, when the deletion of UniSuper's private cloud subscription occurred, it caused deletion across both of these geographies.

"Restoring UniSuper's private cloud instance has called for an incredible amount of focus, effort, and partnership between our teams to enable an extensive recovery of all the core systems.

"The dedication and collaboration between UniSuper and Google Cloud has led to an extensive recovery of our private cloud which includes hundreds of virtual machines, databases and applications."

UniSuper explained that it had backups in place with another service provider, which minimised data loss, and "significantly improved the ability of UniSuper and Google Cloud to complete the restoration."

In a further statement to Financial Standard, UniSuper reported that its member data was safe and that no data had been exposed to unauthorised third parties.

"We have encountered absolutely minimal data loss during our progressive restoration of services, with this data being predominately related to our internal operating processes.

"Members can be assured all member data is rigorously backed up and these backups are secure. UniSuper does not expect this to have any impact on members."

This article first appeared on Financial Standard

Get stories like this in our newsletters.

Related Stories


Jamie Williamson is editor of Financial Standard. Prior to this she was a senior journalist, covering wealth management including financial advice, superannuation and life insurance. Before turning to journalism, she worked in public relations, specialising in financial services. She has a Bachelor's degree in communications from the University of Newcastle.