P&N Bank discloses data breach, customer account information, balances exposed
The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data.
P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident to its customers, attackers have accessed personally identifiable information (PII) and sensitive account data.
P&N Bank confirmed that intruders accessed names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances. The bank pointed out that passwords, Social Security numbers, Tax file numbers, driver’s license or passport details, credit card numbers, and dates of birth have not been exposed.
P&N Bank sent a data breach notification to its customers and reported the incident to law enforcement. The incident notice impacted the customer relationship management (CRM) platform, according to the bank “certain personal information […] appears to have been accessed as a result of online criminal activity.”
The cyber attack took place around December 12, when the financial institution was performing a server upgrade. Hackers likely targeted a third party company that the Bank hired to provide hosting services.
The bank announced to have locked out the attackers and solved the flaw exploited by attackers.
“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability, and have since been working closely with WAPOL, other federal authorities, our third-party IT provider involved, regulators” continues the data breach notification.
The bank hired external experts to help it in investigating the incident.
P&N Bank highlighted that there is no evidence of customer accounts or funds being compromised.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.