Website of Belgian pension fund Ogeo hacked
The website of Belgian pension fund Ogeo Fund was hacked yesterday, apparently targeted for containing the word “fund”.
The site was hacked such that visitors were confronted with pornographic images, according to a report in the Belgian press that was confirmed by an Ogeo spokeswoman.
The €1.1bn multi-employer first pillar pension fund filed a complaint and asked a bailiff to confirm the piracy, according to the media report.
The website was unavailable for several hours yesterday, but was back online this morning.
A spokeswoman for the fund told IPE that Indonesian hackers were believed to be responsible for the act, and would have targeted Ogeo’s website because it contained the word “fund”.
The Belgian media report raised the question of whether the attack could have anything to do with what has become known as the Publifin scandal in Belgium. Belgian media have this year reported on an investigation into inappropriate payments to public officials sitting on sector committees of Publifin, a Belgian inter-municipal electricity and telecommunications company.
Stéphane Moreau, chairman of Ogeo Fund’s executive committee, is also chief executive of Nethys, a subsidiary of Publifin.
However, the spokeswoman for Ogeo Fund said that the hacking of its website did not appear to have anything to do with the Publifin affair. She emphasised that the source and motivation for the hacking had not been established for certain.
Cybercrime has risen up the agenda of risks that specialists are advising pension funds to be prepared for.
In a blog post aimed at UK occupational pension schemes, Peter Sparshott, partner at PwC, earlier this year said that pension schemes were an attractive target for cyber criminals. He said the pensions industry had been slower than many other financial services institutions to address the threat.
There is a regulatory imperative to address cybersecurity risks – stemming from the European Union General Data Protection Regulation – but also simply because otherwise “a major attack is almost inevitable”.
“That might mean a serious breach of data security, in which members’ bank details are stolen; it could mean the loss of assets through, for example, a systematic programme of fraudulent transfer requests that goes undetected for years or even decades until members seek to retire,” he said.
Trustees should elevate cyber security to an agenda item that ranks alongside discussions about deficits, investment strategy and other priorities, Sparshott said.