- An undisclosed number of customers of the P&N Bank have been compromised by a data breach.
- The incident occurred on the server of the hosting provider of the bank and during maintenance.
- Various types of sensitive data were accessed, but passwords and credit card numbers are safe.
P&N Bank, Australia’s largest financial institution has announced a catastrophic data breach that exposed sensitive financial information. The bank has released a statement detailing an incident that occurred back on December 12, 2019, and which happened during a server upgrade of a third-party company that provides hosting services to them. P&N hasn’t clarified how many customers are affected by this breach, but they have already informed the West Australian Police Force and all of the relevant data protection authorities about the incident. Right now, the investigation is still ongoing, so there aren’t many details out yet.
The P&N Bank was limited to the determination of what could have been leaked, and what couldn’t have been exposed as a result of this incident. As they point out, the information that is stored in their systems includes customer names, addresses, emails, phone numbers, age, bank account numbers, and bank account balance. Thus, these could have been accessed by malicious parties and leaked. What is not stored and could not have been compromised is the users’ passwords, the Driver’s License numbers, passport number, Social Security number, Tax File Number, Credit Card Number, and birth date.
P&N also clarifies that their central banking system is completely isolated and has no connection with the impacted server, so customers shouldn’t be afraid of losing funds, passwords, or credit card details. While the incident was very serious, it isn’t bringing the bank’s services down nor is it risking the loss of financial resources for them or their customers. Right now, the focus of the institute is to conclude the investigation which will help them determine the exact number of the affected individuals, as well as what exactly the hackers managed to do when they accessed the server.
Until this is over, customers are advised to be careful with any unsolicited messages that they may receive via email or phone, and report any suspicious acts to the bank. To do this, call on ‘132577’ or email at ‘[email protected]’. While this was a fault of a contractor of the bank, it is the latter who is called to carry the weight of the incident and provide support to the affected individuals. As for the authorities, we hope that they will get to the bottom of this, forcing the organization to focus on proactive action next time.