{ "id": "f85fa052-4f81-46d4-a03d-0b7d03f40837", "created_at": "2026-04-06T02:10:47.020004Z", "updated_at": "2026-04-10T03:24:30.293167Z", "deleted_at": null, "sha1_hash": "7671c88d52c62498ad8fd51f18587cf746b4793a", "title": "Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2148294, "plain_text": "Customer-Owned Bank Informs 100k of Breach Exposing Account\r\nBalance, PII\r\nBy Ionut Ilascu\r\nPublished: 2020-01-16 · Archived: 2026-04-06 01:52:18 UTC\r\nP\u0026N Bank in Western Australia (WA) is informing its customers that hackers may have accessed personal information\r\nstored on its systems following a cyber attack.\r\nThe data, some of it sensitive in nature, was stored on the bank’s customer relationship management (CRM) platform that is\r\ncompletely separated from the core banking system.\r\nPlenty of info exposed\r\nA division of Police \u0026 Nurses Limited, P\u0026N Bank operates under a Operating under a customer-owned or mutual model,\r\nwhich does not distinguish between members and shareholders as they are one and the same. It is the largest of its kind in\r\nthe state.\r\nhttps://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe financial organization says in the breach notification sent to customers that the compromised system contained the\r\nfollowing information: names, addresses, emails, age, customer and account numbers, as well as the account balance. All\r\nthis counts as personally identifiable information that is protected under the Privacy Act in Australia.\r\nFunds, social security numbers, and data in identification documents (driver’s license, passport) were stored on a different\r\nsystem and are safe.\r\nAs many as 100,000 individuals may be impacted by the incident, which was labeled as “sophisticated” by Andrew Hadley,\r\nthe bank’s chief executive officer.\r\nThe attack did not target P\u0026N Bank directly. It occurred during a server upgrade around December 12, 2019, at a third-party\r\nthat was offering hosting services to the organization.\r\nIn a statement for The West Australian, Hadley says that one of the Big Four accounting firms (Deloitte,\r\nPricewaterhouseCoopers, Ernst \u0026 Young or KPMG) has been commissioned to audit the bank’s IT systems.\r\n“Upon becoming aware of the attack, we immediately shut down the source of the vulnerability,” the bank wrote to\r\ncustomers. The West Australian Police (WAPOL) and federal authorities are on the case.\r\nIn the time since discovering the attack and informing its customers, the bank assessed the extent of the incident and allowed\r\nthe police investigation to develop without alerting the intruder.\r\nP\u0026N Bank assures its customers that protecting their information and funds is a priority, stressing that accounts are kept safe\r\nwith \"highly sophisticated security measures and controls.\"\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nhttps://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/\r\nPage 3 of 4\n\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/\r\nhttps://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/" ], "report_names": [ "customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775441447, "ts_updated_at": 1775791470, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7671c88d52c62498ad8fd51f18587cf746b4793a.pdf", "text": "https://archive.orkl.eu/7671c88d52c62498ad8fd51f18587cf746b4793a.txt", "img": "https://archive.orkl.eu/7671c88d52c62498ad8fd51f18587cf746b4793a.jpg" } }