Content

Aussie P&N bank suffers data breach

The Australian P&N Bank reported a data breach that exposed detailed and sensitive financial information on an unspecified number of customers.

Access was gained on December 12 to the bank’s customer relationship management system, which is operated by a third-party hosting firm, was undergoing an upgrade. Details on how it was accessed were not revealed, but P&N said once the breach was noticed the system in question was immediately shut down.

The information included name, address, email, phone number, customer number, age, account number and account balance. Additional pieces of what P&N considers non-sensitive data, such as interactions between the bank and its customers, was also located on the breached system.

“Organizations must take proactive approaches to protect their data. This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats. Additionally, organizations should do their due diligence in ensuring third-party partners are practicing adequate security measures and extend testing to partners as well,” said Stephan Chenette, co-founder and CTO at AttackIQ.

Driver’s license, passport, Social Security, tax file, credit card numbers, birthdate and health information in the bank’s possession was not accessed.

“P&N Bank’s core banking system is completely isolated and separate from the impacted system, so we can be confident this incident,” the bank said in a statement, adding the incident has not caused the loss of any customer funds nor enabled third parties to access customer credit card details and all banking passwords are safe.

Access was gained on December 12 when the system, which is operated by a third-party hosting firm, was undergoing an upgrade. Details on how it was accessed were not revealed, but P&N said once the breach was noticed the system in question was immediately shut down.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds