P&N Bank in Western Australia (WA) is informing its customers that hackers may have accessed personal information stored on its systems following a cyberattack.
The data, some of it sensitive in nature, was stored on the bank’s customer relationship management (CRM) platform that is completely separated from the core banking system.
The financial organisation says in the breach notification sent to customers that the compromised system contained the following information: names, addresses, emails, age, customer and account numbers, as well as the account balance.
All this counts as personally identifiable information that is protected under the Privacy Act in Australia.
Funds, social security numbers, and data in identification documents (driver’s license, passport) were stored on a different system and are safe.
As many as 100,000 individuals may be impacted by the incident, which was labelled as “sophisticated” where the attack did not target P&N Bank directly. It occurred during a server upgrade around December 12, 2019, at a third-party that was offering hosting services to the organization.