P&N Bank has apprised customers of a data breach that lead to a huge amount of important information being affected.
According to data shared on Twitter by Australian security resarcher @vrNicknack, the event happened on December 12, 2019, during a server upgrade on a third-party hosting provider.
P&N has since confirmed the event.
The Australian bank, a division of Police & Nurses Limited, apprised customers that unidentified threat actors managed to access private information stored within its customer relationship management (CRM) system.
P&N says in the notice that the compromised system stockpiled huge personally identifiable information (PII), in addition to other sensitive data, including names, addresses, email addresses, phone numbers, customer numbers, age, account numbers and balance, and other details.
A P&N spokesperson said that no customer bank accounts were ever accessed by the attackers in this event.
“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability,” P&N divulges.
The bank also says that, since its main banking system is totally inaccessible from the impacted system, the data breach did not cause the loss of customer resources, that credit card details were not accessed, and that banking passwords were not uncovered.
P&N told customers it has already apprised authorities about the incident. The bank says it has been working with West Australian Police Force (WAPOL), the involved hosting provider, expert consultants, and regulators on examining the breach.
The bank still has not provided information on the type of attack it suffered and the number of affected customers.