P&N Bank reveals customer data accessed in data breach
Australia-based P&N Bank has revealed the details of a data breach which caused customers’ personally identifiable information (PII) and sensitive account details to be exposed to cybercriminals.
According to a statement from Andrew Hadley, CEO of the bank, the breach occurred on 12 December 2019 during a server upgrade.
Hadley wrote in an email to the bank’s 96,000 members that none of the data affected by the breach contained password, licences, passport numbers, social security numbers, tax details or birth dates.
Names, addresses, email addresses, phone numbers, ages, and bank balances may have been leaked in the breach.
The fault lies with a third party which the bank uses to provide hosting services, writes Hadley. “Upon becoming aware of the attack, we immediately shut down the source of the vulnerability.”
Related: Australia delays open banking regulations due to cybersecurity fears
The bank has been in contact with the West Australian Police Force (WAPOL) and “relevant federal authorities”. It has yet to reveal how many customers have been affected, or the exact nature of the data breach.
P&N Bank is a division of Police & Nurses Credit Society, and offers retail banking, insurance and financial planning services. It operates 14 branches in Western Australia and employs around 330 people.
By dint of its origins a large proportion of the banks’ members are either medical workers or in law enforcement.
FinTech Futures has contacted P&N Bank for more information.