Western Australia-based P&N Bank informed its customers of a data leak that happened on December 12, 2019, which exposed customers’ personally identifiable information (PII) and sensitive account information.
In an official notice, the financial services provider stated that the information breach occurred due to a cyberattack on its customer relationship management (CRM) platform during a server upgrade. However, the incident has not caused any loss of customer funds, customers’ credit card details, or banking passwords. Other data like driver’s license numbers, passport numbers, social security numbers, tax file numbers, or health data were not contained in the CRM, and hence not exposed.
The exposed information includes customer names, age details, residential addresses, email addresses, phone numbers, customer numbers, account numbers, and account balances.
P&N Bank was formerly known as the Police & Nurses Credit Society, hence most of the P&N Bank customers are police officers and nurses. P&N Bank stated that it is working with the Western Australian Police Force (WAPOL) and federal authorities to investigate the incident.
Describing the security incident, Andrew Hadley, CEO of P&N Bank, said, “Upon becoming aware of the attack, we immediately shut down the source of the vulnerability and have since been working closely with WAPOL, other federal authorities, our third-party IT provider involved, regulators and independent expert advisers to investigate and protect customers from any further risk. The safety and security of our members’ information and funds is our highest priority. Data protection continues to be a focus around the world, and financial systems will always present some degree of risk, so it is important to stress that in line with best practice, we have highly sophisticated security measures and controls in place to protect our customers’ accounts.”