Australia's P&N Bank has had it customer relationship management system raided by hackers, putting at risk the personal information of some 96,000 members.

The pwning of the bank's CRM system happened during a server upgrade in December. Data stored in the system includes name, address, email, phone number, customer number, age, account number, and account balance.

The bank says more sensitive data such as passwords, passport details, social security and credit card numbers and birthdates have not been compromised.

P&N Bank is blaming the security lapse on a third party hosting firm hired during the server upgrade.

In a statement, bank CEO Andrew Hadley, says: "Upon becoming aware of the attack, we immediately shut down the source of the vulnerability and have since been working closely with the the West Australian Police Force, other federal authorities, our third-party IT provider involved, regulators and independent expert advisers to investigate and protect customers from any further risk."