California credit union confirms 726k affected by June ransomware attack

More than 700,000 people had sensitive personal information stolen during a ransomware attack on a popular credit union in California. 

Patelco, one of the oldest credit unions in the U.S., told regulators that the names, dates of birth, Social Security numbers and drivers license numbers of 726,000 people were exposed when hackers broke into their systems at the end of June.

The disclosure was made on Patelco’s website as well as with attorneys general offices in Maine, California, Massachusetts, Vermont, Texas and others. 

Patelco said they first discovered the attack on June 29 but an investigation revealed the hackers were in the credit union’s network going back to May 23.

They still do not know exactly what information was accessed by the hackers but are notifying everyone who had data held in the affected databases.

Those affected include current and former Patelco members as well as employees. Unnamed law enforcement agencies and external cybersecurity experts were involved in the investigation, which concluded on August 14.

Victims are being given two years of free identity protection services.

Patelco president and CEO Erin Mendez apologized for the incident in a statement last week, telling customers they had created a dedicated call center for those with questions. 

The attack came ahead of the July 4 holiday and caused chaos, with hundreds of customers flooding Facebook to express confusion about the credit union’s messages, questioning why some statements made in emails and on the websites appeared to be in conflict.

Customers said they were unable to take out more than $500 from ATMs and could not access their Patelco accounts online, with the credit union warning customers that ATMs may suffer intermittent outages. 

Law firms have already reached out to the public for potential litigation related to the data breach. 

The attack was claimed two weeks ago by the RansomHub ransomware gang, which was previously responsible for attacks on auction house Christie’s, telecom Frontier, Rite Aid and the city of Columbus, Ohio.

Credit Unions like Patelco, which manages more than $9 billion in assets, face near constant attacks by cybercriminals. 

Last Friday, the Texas Dow Employees Credit Union sent out breach notifications to 500,474 customers warning them of data stolen by hackers who exploited a popular file transfer tool.