P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident to its customers, attackers have accessed personally identifiable information (PII) and sensitive account data.
According to The West Australian website, hackers have stolen personal information from 100,000 West Australians in the cyber attack.
P&N Bank confirmed that intruders accessed names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances. The bank pointed out that passwords, Social Security numbers, Tax file numbers, driver’s license or passport details, credit card numbers, and dates of birth have not been exposed.
P&N Bank sent a data breach notification to its customers and reported the incident to law enforcement. The incident notice impacted the customer relationship management (CRM) platform, according to the bank “certain personal information […] appears to have been accessed as a result of online criminal activity.”
The cyber attack took place around December 12, when the financial institution was performing a server upgrade. Hackers likely targeted a third party company that the Bank hired to provide hosting services.
The bank announced to have locked out the attackers and solved the flaw exploited by attackers.
“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability, and have since been working closely with WAPOL, other federal authorities, our third-party IT provider involved, regulators” continues the data breach notification.
The bank hired external experts to help it in investigating the incident.
P&N Bank highlighted that there is no evidence of customer accounts or funds being compromised.