Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend

One of the largest credit unions on the West Coast continues to struggle with its operations following a ransomware attack that began on Saturday. 

Patelco Credit Union — one of the nation’s oldest credit unions with more than $9 billion in assets — confirmed that it was hit with ransomware in a statement on Monday. In an update on Tuesday, the credit union told customers to expect intermittent outages at ATMs throughout the recovery process and pledged to reimburse those who incur late fees because of the outages.

Patelco has nearly 500,000 members and dozens of branches across California. Customers said they were unable to take out more than $500 from ATMs and could not access their Patelco accounts online. 

Hundreds of customers flooded Facebook to express confusion about the credit union’s messages, questioning why some statements made in emails and on the websites appeared to be in conflict.

“Make this make sense people!!” one Facebook user said. 

Currently, incoming transfers from Zelle, ACH and direct deposits as well as a scheduled Patelco account-to-Patelco account transfers or wire transfers will not be processed. But the credit union said any incoming direct deposits “will be credited to customer accounts and processed before withdrawals.” 

The credit union added that customers can access funds from their direct deposit “by writing a check, using an ATM card to get cash or make a purchase” — prompting further questions about how customer funds are being handled. 

The credit union has not publicly provided a timetable for the recovery process but local news outlets reported that CEO Erin Mendez emailed customers this week to say the “next few days - and coming weeks – may present challenges for our members.”

The credit union said it will write letters on customers’ behalf if the late payments impact their credit score. All overdraft and late payment fees for Patelco will be waived during the recovery process.

All deposits are also insured by the government-backed National Credit Union Administration (NCUA).

“On June 29, 2024, Patelco Credit Union experienced a ransomware attack. Our priority is the safe and secure restoration of our banking systems. We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also been cooperating with regulators and law enforcement,” Mendez said in a statement. 

“We don’t take lightly how severely this has impacted our members.”

The issues began on Saturday when the credit union first reported that its systems were unavailable. 

By Sunday, the credit union said it had to shut down some of its day-to-day banking systems in order to deal with the incident and “contain the impact.” All electronic transactions like transfers, direct deposit, balance inquiries and payments were unavailable. Debit and credit card transactions were limited. 

Patelco did not specify what ransomware was behind the incident or whether the hackers had contacted the credit union.

Dozens of credit unions have been attacked in recent years by ransomware gangs and hackers because of their popularity among local populations and lack of focus on cybersecurity. In 2024 alone, at least 11 credit unions reported data breaches to regulators — affecting millions of U.S. residents.

In December, more than 60 credit unions were impacted by a ransomware attack on a third-party tech provider that was so damaging the NCUA stepped in to help resolve the issue alongside several other federal agencies. 

The NCUA warned last August that it was seeing an increase in cyberattacks against credit unions, credit union service organizations and other third-party vendors supplying financial services products.

The NCUA approved new rules last year that require a federally insured credit union to notify the agency  within 72 hours of a cyberattack. The rule came into effect on September 1 and after just one month, Chairman Todd Harper said the NCUA had already received 146 incident reports — a number the organization previously only saw in an entire year.

Dan Lattimer, vice president of cybersecurity firm Semperis, said hackers are increasingly targeting small, midmarket and large financial and banking institutions “for the volume of sensitive financial information they process daily” — citing data from the International Monetary Fund suggesting that attacks on financial firms account for nearly one-fifth of all attacks, with banks being the most exposed.