P&N Bank discloses data breach, customer account information, balances exposed

The Australian bank says a cyberattack took place during a server upgrade.

What happens after a data breach in a major company? Nothing good, says Wall Street

P&N Bank is informing customers of a data breach in which personally identifiable information (PII) and sensitive account information was exposed.

On Wednesday, a security researcher going under the Twitter handle @vrNicknack pinged Troy Hunt, the operator of the Have I Been Pwned? search engine, with a notice he had received from the bank. 

P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, sent the notice which warned of an "information breach" occurring through its customer relationship management (CRM) platform.

See also: Study says Grindr, OkCupid, and Tinder breach GDPR

The financial services organization said "certain personal information [...] appears to have been accessed as a result of online criminal activity."

On or around December 12, the bank was performing a server upgrade and it is at this point the cyberattack took place. It is believed that a company P&N Bank hired to provide hosting was the entry point.

CNET: Verizon launches privacy-focused search engine called OneSearch

P&N Bank says that names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances may have been compromised. Information "that could be included in our records of interactions" with customers may have also leaked. 

Passwords, Social Security numbers, Tax file numbers, driver's license or passport details, credit card numbers, and dates of birth have not been included in the breach, nor has any other "sensitive" information such as medical data. 

It is not yet known how many customers have been affected. 

TechRepublic: What to do if you're still running Windows 7

"Upon becoming aware of the attack, we immediately shut down the source of the vulnerability," the company added. 

P&N Bank is keen to emphasize in the notice that at present there is no evidence of customer accounts or funds being compromised, and is "treating this information breach extremely seriously."

P&N Bank says it is working with the West Australian Police Force (WAPOL) and other federal authorities.

ZDNet has reached out to P&N Bank with additional queries and will update when we hear back. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0