Australian Bank P&N was the recent victim of a cyber attack that occurred last December 12, 2019. Following the attack, customer information was left compromised in a data breach.
P&N is considered as the largest member-owned bank in the country. It is a financial services division of Polices and Nurses Limited, which currently operates in Western Australia.
ZD Net reports that the issue surfaced when Twitter user @vrNicknack, a security researcher, reached out to Troy Hunt. Hunt operates the search engine, Have I Been Pwned?
According to IT News, the criminal activity took place when the financial institution upgraded its server. The incident was reportedly done via a third-party firm which P&N hires for its hosting services, states chief executive officer Andrew Hadley.
As a result of the cyberattack posed against the institution, its customer relationship management system (CMS) was compromised. Data found within the server includes customer names, ages, contact numbers, and email addresses. Residential addressed, customer numbers, account numbers, and account balances were also in the CMS.
Despite the exposed information, Hadley maintains that other sensitive details remain safe from the attack. These include passwords, Social Security numbers, tax file numbers, driver’s licenses, passport information, dates of birth, and credit card numbers. Medical data are also not included in the breach.
Hadley states that the sensitive information was “completely isolated and separated from the impacted system.”
In light of these circumstances, the bank has been working hand in hand with the West Australian Police Force (WAPOL). P&N has also reached out for help to other federal agencies and authorities, notes ZD Net.
Apart from working with security agencies, the bank also addressed the incident. In a statement, the company said that “Upon becoming aware of the attack, we immediately shut down the source of the vulnerability.”
The chief executive officer of the firm reveals that customers have not lost funding from their respective accounts. Passwords also appear safe according to Hadley, states Which-50. However, Hadley advises users to keep vigilant and report any suspicious activity on their account.
When asked to comment when P&N first became aware of the incident, the institution reportedly declined to give a statement. The bank says that they cannot do so because a criminal investigation is currently underway, notes Which-50.
As of writing, the bank has yet to disclose the number of individuals affected by the security data breach. However, it sent a notice to around 96,000 customers last Wednesday, January 15, 2020.