P&N Bank Disclosed Data Breach Affecting Numerous Customers

An Australian bank has recently fallen victim to a cyber attack. The P&N bank disclosed a data breach that took place via its CRM. As a result, the incident exposed sensitive personal and financial data of the customers to the attackers.

P&N Bank Revealed Data Breach

Reportedly, the Australia-based P&N bank suffered a data breach in December 2019. The incident happened during a server upgrade where the criminals managed to access their systems.

The news surfaced online after a security researcher with alias Nick shared a letter from the bank in his tweet.

As evident from the letter, the bank disclosed that the criminal activity happened around December 12, 2019.

The criminal activity took place around 12 December 2019, via an attack during a server upgrade, on a third-party company that P&N Bank engages to provide hosting services.

Consequently, the incident exposed personal and financial information of the customers to the attackers. Presently, the Bank has not specified any number of customers affected during the incident.

Whereas, regarding the breached data, their letter states,

Data stored in this particular system contains: names, address, email, phone number, customer number, age, account number, account balance and other non-sensitive information that could be included in our records of interaction with you.

They assured that the sensitive data remained safe, such as the password, date of birth, Driver’s license number, Social Security number, passport number, Tax File number, credit card number, or health data.

P&N Bank Took Security Measures

Upon noticing the breach, the Bank authorities quickly rectified the flaw and involved security agencies for investigations. They have assured that they are working closely with the West Australian Police Force (WAPOL), federal authorities, and a third-party IT provider.

They also confirmed that the incident did not affect the core banking services. The attack neither affected any customer funds or passwords. Nor did it allow access to credit card details.

As a precaution, they have asked all the customers to vigilantly monitor their bank accounts for any suspicious transactions.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients