Statement from the CEO – information breach

What has happened?

P&N Bank is working closely with the West Australian Police Force (WAPOL) and relevant federal authorities following an incident in which certain personal information (data) housed within its customer relationship management system appears to have been accessed, as a result of online criminal activity.  

What data is stored in the system?

Data stored in this particular system contains; name, address, email, phone number, customer number, age, account number, account balance and other non-sensitive information that could be included in our records of interactions with customers. 

What data is NOT in the system?

The information stored in this system does not contain; passwords or other information such as Driver’s License number, Passport number, Social Security number, Tax File number, Credit Card number, birthdate, or any other sensitive or health information.

What does this mean?

P&N Bank’s core banking system is completely isolated and separate from the impacted system, so we can be confident this incident;

1. Has NOT caused the loss of any customer funds;
2. Has NOT enabled third parties to access customer credit card details; and
3. Has NOT compromised any banking passwords.

We are treating this information breach extremely seriously, and while we believe no-one has been exposed to financial risk, I do wish to convey my deepest and sincere apologies for any concern that may be caused. 

How did this occur and what have we done?

The criminal activity took place around 12 December 2019, via an attack during a server upgrade, on a third party company that P&N Bank engages to provide hosting services.  Upon becoming aware of the attack, we immediately shut down the source of the vulnerability and have since been working closely with WAPOL, other federal authorities, our third-party IT provider involved, regulators and independent expert advisers to investigate and protect customers from any further risk.

What do you need to do?

As always, you should remain vigilant when interacting with organisations, particularly if they seem suspicious. We recommend that you follow the usual advice about keeping yourself safe from cyber criminals and phishing attacks by visiting How to Stay Safe Online.

The safety and security of our members’ information and funds is our highest priority.  Data protection continues to be a focus around the world, and financial systems will always present some degree of risk, so it is important to stress that in line with best practice, we have highly sophisticated security measures and controls in place to protect our customers’ accounts.

Again, I wish to offer my sincere apologies.  If you need additional information, please do not hesitate to contact us on 13 25 77, or email us at [email protected].

Andrew Hadley - Chief Executive Officer