[BreachExchange] P&N Bank Disclosed Data Breach Affecting Numerous Customers Attribution link

Fri Jan 17 10:33:49 EST 2020

https://latesthackingnews.com/2020/01/17/pn-bank-disclosed-data-breach-affecting-numerous-customers/

An Australian bank has recently fallen victim to a cyber attack. The
P&N bank disclosed a data breach that took place via its CRM. As a
result, the incident exposed sensitive personal and financial data of
the customers to the attackers.

P&N Bank Revealed Data Breach Reportedly, the Australia-based P&N bank
suffered a data breach in December 2019. The incident happened during
a server upgrade where the criminals managed to access their systems.

The news surfaced online after a security researcher with alias Nick
shared a letter from the bank in his tweet. As evident from the
letter, the bank disclosed that the criminal activity happened around
December 12, 2019. The criminal activity took place around 12 December
2019, via an attack during a server upgrade, on a third-party company
that P&N Bank engages to provide hosting services.

Consequently, the incident exposed personal and financial information
of the customers to the attackers. Presently, the Bank has not
specified any number of customers affected during the incident.
Whereas, regarding the breached data, their letter states, Data stored
in this particular system contains: names, address, email, phone
number, customer number, age, account number, account balance and
other non-sensitive information that could be included in our records
of interaction with you.

They assured that the sensitive data remained safe, such as the
password, date of birth, Driver’s license number, Social Security
number, passport number, Tax File number, credit card number, or
health data.

P&N Bank Took Security Measures Upon noticing the breach, the Bank
authorities quickly rectified the flaw and involved security agencies
for investigations. They have assured that they are working closely
with the West Australian Police Force (WAPOL), federal authorities,
and a third-party IT provider.

They also confirmed that the incident did not affect the core banking
services. The attack neither affected any customer funds or passwords.
Nor did it allow access to credit card details.

As a precaution, they have asked all the customers to vigilantly
monitor their bank accounts for any suspicious transactions.