Security Expert On P&N Bank Breach

P&N‌ Bank in West Australia (WA) is informing its customers that hackers may have accessed personal information stored on its systems following a cyber attack.

The financial organisation says in the breach notification sent to customers that the compromised system contained the following information: names, addresses, emails, age, customer and account numbers, as well as the account balance. All this counts as personally identifiable information that is protected under the Privacy Act in Australia. As many as 100,000 individuals may be impacted by the incident, which was labelled as “sophisticated” by Andrew Hadley, the bank’s chief executive officer. The attack did not target P&N‌ Bank directly. It occurred during a server upgrade around December 12, 2019, at a third-party that was offering hosting services to the organisation.

Funds, social security numbers, and data in identification documents (driver’s license, passport) were stored on a different system and are safe.


EXPERTS COMMENTS
Kayla Gesek, Product Manager ,  OneLogin
January 17, 2020
It’s unfortunate that P&N fell victim to an attack like this, but it’s all too common these days.
It’s unfortunate that P&N fell victim to an attack like this, but it’s all too common these days. The best thing victims can do to protect from further abuse is make sure they have 2-factor authentication enabled, especially for sensitive information like banking data. Also, they should create a habit of using unique passwords. This will help from impacting any other accounts where they may ha ....
[Read More >>]
Hugo Van den Toorn, Manager, Offensive Security ,  Outpost24
January 16, 2020
Despite any precautions, the matter of the fact remains that no matter how secure an organisation is.
This again emphasises the importance of ensuring that our third-party vendors live up to our own organisation’s security standards. Your own organisation might be well secured, but if sensitive data is processed and stored elsewhere, the third party’s security should at least match your organisation’s security standards. Despite any precautions, the matter of the fact remains that no matter ....
[Read More >>]
Elad Shapira, Head of Research,  Panorays
January 16, 2020
The cyber incident at P&N Bank illustrates how organizations can be susceptible to data breaches through their third parties.
The cyber incident at P&N Bank illustrates how organizations can be susceptible to data breaches through their third parties. In this case, the bank was performing a server upgrade when attackers stole data through a hosting provider. As a result, customer information such as names, addresses, email addresses, account numbers and balances may have been compromised. Cyberattacks such as this one, d ....
[Read More >>]
Robert Capps, VP ,  NuData Security
January 16, 2020
Hackers are not able to mimic inherent user behavior online, making stolen credentials valueless.
With the data stolen, customers are the primary targets for cybercriminals, who will use their information to take over accounts the victims have with other online companies. There is also the risk of impersonation by bad actors who will create new accounts with the victim’s information or open up new credit lines. With even SIN numbers stolen, companies and government services need to step up t ....
[Read More >>]
James Carder, Chief Information Security Officer & Vice President,  LogRhythm Labs
January 16, 2020
Organizations need to include security controls and protections within contracts when partnering with third parties.
In 2019, cyberattacks hit financial services firms 300 times more than other companies in the past year, according to a 2019 report from Boston Consulting Group (BCG). Financial institutions continue to be a very attractive target for cyber criminals due to the large amounts of sensitive customer data collected and stored. Banks, such as P&N, must be aware of the evolving types of threats and the ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :




In this article