Impact of Patelco Credit Union ransomware attack could last for weeks
A ransomware attack at Dublin-based Patelco Credit Union may prevent customers from accessing banking services for days or weeks, the company said
The credit union has 455,000 members holding over one million accounts, with 37 branches in the Bay Area and the Sacramento area.
In an email to credit union members, Patelco President and CEO Erin Mendez said a cybersecurity forensic firm was helping the company investigate the attack and recover its networks as soon as possible, but said restoring full service to customers would take time.
"The next few days - and coming weeks - may present challenges for our members, as we continue to navigate around the limited functionality we are experiencing due to this incident," Mendez said in the email.
According to the email, electronic transactions such as recurring transfers, direct deposits, and balance inquiries were unavailable, including those using the Zelle digital payment network. Also, Automated Clearing House (ACH) payments established with a Patelco account were not being processed, while debit and credit card transactions were functioning in a limited capacity.
The company website and mobile app were still not functioning.
The email said transactions and ACH transfers initiated at other institutions were being processed as were ACH debits initiated by a biller. Checks written on Patelco accounts will be paid, while mortgage or rent payments made by personal check from Patelco checking accounts will be processed. However, each of those transactions will show a delay in debiting or crediting the Patelco account.
Cash withdrawals and deposits were available at Patelco ATMs and 30,000 shared branch ATMs across the U.S.
Mendez said Patelco would reimburse any late fees incurred because of the ransomware attack, and any Patelco overdraft, late payment or ATM fees will be waived until the system is fully back up and running. Mendez also said members concerned about late payments impacting their credit score can have letters from Patelco written on their behalf.
"Please rest assured that while we might not have all the answers to your questions right now, we are working hard to resolve this issue and are committed to frequent and transparent communications as we learn more," Mendez said.
The source of the ransomware attack has not been identified and there was no information on whether the personal information of Patelco customers was at risk.
Patelco established a website with the latest information on the ransomware attack, including service availability at patelco.org/SecurityUpdate.