P&N Bank, a community-owned bank serving Western Australia, has suffered a data breach with customer data stolen.

The hack took place Dec. 12 during a server upgrade on an outside hosting service. The data stolen included customer names and ages, residential addresses, email addresses, phone numbers, customer numbers, account numbers and account balances. The bank noted that no passwords or credit card numbers were stolen.

The bank, previously called the Police & Nurses Credit Society, has about 96,000 members, many of them police and nurses, although the bank provides services to the public at large.

Affected customers were informed by email of the breach Wednesday. Australia doesn’t have the same disclosure laws as in Europe, which has the comprehensive European Union General Data Protection Regulation, but taking an entire month to inform customers is not a great business practice anywhere.

Western Australia Police, federal authorities and regulators and an outside information technology specialist are investigating the breach.

“The financial industry is one of the largest targets for cybercriminals and unfortunately, breached data from those types of organizations can be damaging for years to come,” Stephan Chenette, co-founder and chief technology officer at cybersecurity firm AttackIQ Inc., told SiliconANGLE. “The complete set of personally identifiable information hacked can now be bought and sold for top dollar on the dark web, further exposing the account holders to future fraud or phishing attacks.

Chenette said organizations must take proactive approaches to protect their data, including mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats.

James Carder, chief security officer and vice president of LogRhythm Labs, noted that the bank didn’t have the visibility necessary to ensure that the third party had the proper security controls and processes in place to protect the data. “Even if the breach was caused by the third party, the financial institutions’ brand image and accountability are still directly associated with their customers,” he said.

Photo: P&N Bank