Customer data was stored on the bank's customer management (CRM) platform. This platform is not connected to the central bank system.
Violation of a large volume of information
P&N Bank is one customer-owned bank. This means that customers are essentially the shareholders of the bank. It is the largest bank of its kind in the West Australia.
According to the financial statement issued by the financial institution, the infringing systems contained the following information: names, addresses, emails, age, account numbers, account balance. This information is considered very personal and should be protected under the Australian Privacy Act.
According to the bank, funds, social security numbers and some data that are associated with identity documents (driving license, passport) is safe, as they were stored on a different system.
The bank's chief executive, Andrew Hadley, said the hacking incident was quite complicated and may have affected over 100.000 people.
The hackers did not directly target P&N Bank. It was done through a third company that offers hosting services at the bank.
Hadley said large companies have been hired to control the bank's IT systems since the incident.
The bank says it immediately shut down the vulnerable systems as soon as it learned about it attack. The Police of Western Australia (WAPOL) and federal authorities are already investigating the case.
P&N Bank assures its customers that their accounts are secure, as used "highly sophisticated security measures and controls".