P&N Bank Information Breach

by Sabe Barker

Posted on 15 January 2020

The P&N Bank has emailed customers today regarding an information breach of it's customers through their relationship management system containing sensitive and non-sensitive customer data.

The email states that P&N are “working closely with the West Australian Police Force (WAPOL) and relevant federal authorities” to investigate the online criminal activity.

The breach occured around the 12 December 2019 via an attack during a server upgrade.

Customers are being urged to stay vigilant as this data will undoubtedly be used in banking scams in the near future.

P&N Bank Information Breach Email Screenshot

What data has been compromised?

P&N mentions that the data pertaining to the breached systems contained personal information such as customers names, addresses, emails, phone numbers as well as their customer number, age, account number and account balance.

Which is quite the list!

Other “non-sensitive” information was also compromised but the exact data has not been disclosed. This may be in reference to customer notes that are taken by P&N representatives during customer phone calls since it was their customer relationship management system that was breached which usually contains such information.

However, customers may have something to say about that apparently being “non-sensitive” information.

What data has not been compromised?

P&N goes on to explain that customers passwords, Driver’s License numbers, Passport numbers, Social Security numbers, Tax File numbers, Credit Card numbers, birthdates, or any other sensitive or health information was not compromised.

They go on to state that the breach has not caused the loss of any customer funds, nor enabled third parties to access customer credit card details and that banking passwords have not been compromised.

Disclosure

A question that should be asked is whether customer respresentative notes taken during customer calls were indeed on the compromised systems as sensitive information may have inadvertently been placed in notes which could possibly be things like health information. Such information could cause issues for customers both professionally and personally if that data was to be exposed.

One thing is for sure. P&N Customers can expect a flood of spam letters, emails and calls using an abundance of accurate personal information. This will certainly make it hard for some customers to recognise a scam. Hopefully P&N is ready for more than a few irrate customers.