DUBLIN, Calif.–Patelco Credit Union has confirmed some member information may have been compromised as part of a ransomware attack that began five weeks before its systems were knocked offline in late June and the attack became public knowledge.
In a notice of data breach, the $9-billion Patelco CU said the June 29 ransomware attack “involved unauthorized access to some of our databases.”
“Upon learning of this issue, we contained the threat by proactively disabling all unauthorized access to our network, restoring all data, and immediately commencing a prompt and thorough investigation,” Patelco said in its online statement. “We also notified law enforcement. As part of our investigation, we worked very closely with external cybersecurity professionals experienced in handling these types of incidents. The investigation revealed that an unauthorized party gained access to our network on May 23, 2024, leading to access to the databases on June 29, 2024.”
Patelco said it, on Aug. 14, was able to confirm that the hackers accessed databases containing members’ personal information.”
Specific Data Not Identified
“Although the investigation identified unauthorized access to some of our databases, the specific data that was accessed has not been determined,” Patelco said. “Accordingly, we are notifying individuals whose information was in those databases.”
The credit union said the information included first and last name with Social Security number, driver’s license numbers, date of birth, and/or email addresses
“Not every data element was present for every individual,” Patelco said.
The Response
In response, Patelco said it is offering a complimentary two-year membership in Experian IdentityWorks Credit 3B, which is designed to help detect possible misuse of your personal information and to provide identity protection services focused on immediate identification and resolution of identity theft.
On its website Patelco has also added other steps members can take to protect themselves, including placing a fraud alert and/or security freeze on credit files.
“Please accept our apologies that this incident occurred,” Patelco told its 500,000 members. “We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of personal information.”
Lawsuits Filed
As reported earlier, Patelco’s online services were unavailable to members for several weeks after the ransomware attack, and balance information was also unavailable in-branch. While online access and balance information have been restores, some services remain offline.
Also as reported, approximately a dozen lawsuits seeking class action status have also been filed.