The CEO of P&N Bank has issued an apology over a data breach involving the West Australian bank’s customer relationship system which exposed personal identifying information of customers, including names, addresses, age, and account balances.
The bank today revealed “criminal activity took place around 12 December 2019” during a server upgrade on a third party hosting service, and it is now working with WA police and federal authorities.
Upon becoming aware of the attack, P&N says it “immediately shut down the source of the vulnerability”.
The bank declined to comment on when it first became aware of the breach or how many customers had been impacted, saying it will not comment further because a criminal investigation is ongoing.
The West Australian reports the breach may have impacted 100,000 local customers.
P&N CEO Andrew Hadley emailed customers earlier in the week about the incident and today published the message in full online.
“We are treating this information breach extremely seriously, and while we believe no-one has been exposed to financial risk, I do wish to convey my deepest and sincere apologies for any concern that may be caused,” Hadley wrote.
According to Hadley’s statement, the data stored in the exposed system includes customer name, address, email, phone number, customer number, age, account number, account balance and “other non-sensitive information that could be included in our records of interactions with customers”.
Hadley says the data does not include passwords, driver licence numbers, passport numbers, tax file numbers, credit card numbers, or “any other sensitive or health information”.
The CEO also stressed his company’s core banking systems are isolated and he is confident customers haven’t lost funds or had passwords compromised.
Hadley advised customers to “remain vigilant when interacting with organisations, particularly if they seem suspicious” but indicated no additional action is required from customers.