Australian bank P&N leaked its customers’ personal information

Network security specialists report that P&N Bank, a banking institution operating in Western Australia, has fallen victim of a data breach that has compromised the personal and financial information of its customers. Bank staff is already notifying all potentially affected clients.

Local media initially reported that a hacker group managed to access the personal information of at least 100,000 Australian citizens as a result of this security incident, although official confirmation from the bank was still lacking.

Eventually P&N Bank confirmed that a group of threat actors accessed sensitive user information, including details such as:

  • Full names
  • Email addresses
  • Phone numbers
  • Account numbers
  • Current account balance

In addition, bank officials claim that other details, such as social security numbers, driver’s license key, passport number, credit card details, among others, were not exposed during the incident.

After confirming the data breach, P&N Bnak began notifying its customers and authorities of the incident. In their notification, bank officials mention that threat actors compromised the customer service system.

The cyberattack appeared to have occurred on the morning of December 12, 2019, while the bank’s network security team was performing an update to its servers. Hackers may have attacked a bank contractor who provides hosting services to complete the attack.

As a security measure, the bank announced the closure of some systems, among other procedures: “After detecting the attack, the security weakness was corrected immediately. We continue to monitor our networks for signs of suspicious activity,” the bank’s message says.

In addition, P&N Bank announced that it will have the collaboration of a prestigious security firm in the investigation of the incident. The bank concluded its message by ensuring that, so far, there is no evidence of theft of client funds or unauthorized transfers.

Network security experts at the International Institute of Cyber Security (IICS) recommend users monitor their bank statements to prevent potential fraud attempts, as well as activate SMS notifications from their account and notify institution any suspicious activity.