14 DAY TRIAL // P&N Bank, which is the largest member-owned bank in Western Australia, confirmed that its CRM system was accessed by hackers following a breach that occurred on December 12, 2019.
The bank also acknowledged that personal customer information stored on this system has also been exposed, including name, address, email, phone number, customer number, age, account number, and account balance.
However, in a statement released today, P&N Bank says that passwords, driver’s license number, password number, social security number, credit card number, birthdates, and health information was stored on a different system, therefore it wasn’t accessed following the breach.
Andrew Hadley, Chief Executive Officer of P&N Bank, says the incident happened when the bank was performing an upgrade to a server operated by a third-party hosting company.
“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability and have since been working closely with WAPOL, other federal authorities, our third-party IT provider involved, regulators and independent expert advisers to investigate and protect customers from any further risk,” Hadley explains.
Police investigation under way
The bank is already working with law enforcement to further investigate the incident.
“P&N Bank is working closely with the West Australian Police Force (WAPOL) and relevant federal authorities following an incident in which certain personal information (data) housed within its customer relationship management system appears to have been accessed, as a result of online criminal activity,” the CEO continued.
P&N Bank says no customer should be exposed to unauthorized access to customer funds or credit card details, as such information was stored on a machine “completely isolated and separate from the impacted system.”
Obviously, customers are still recommended to keep an eye on their accounts and reach out to the bank at 13 25 77 or [email protected] should they notice any unusual activity.