P&N Bank is informing customers of a data breach in which personally identifiable information (PII) and sensitive account information was exposed.
P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, sent the notice which warned of an “information breach” occurring through its customer relationship management (CRM) platform.
The financial services organization said “certain personal information […] appears to have been accessed as a result of online criminal activity.”
On or around December 12, the bank was performing a server upgrade and it is at this point the cyberattack took place. It is believed that a company P&N Bank hired to provide hosting was the entry point.
P&N Bank says that names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances may have been compromised. Information “that could be included in our records of interactions” with customers may have also leaked.
Passwords, Social Security numbers, Tax file numbers, driver’s license or passport details, credit card numbers, and dates of birth have not been included in the breach, nor has any other “sensitive” information such as medical data.
It is not yet known how many customers have been affected.
TechRepublic: What to do if you’re still running Windows 7
“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability,” the company added.
P&N Bank is keen to emphasize in the notice that at present there is no evidence of customer accounts or funds being compromised, and is “treating this information breach extremely seriously.”
P&N Bank says it is working with the West Australian Police Force (WAPOL) and other federal authorities.
ZDNet has reached out to P&N Bank with additional queries and will update when we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0