Patelco Credit Union ransomware attack halts banking services for nearly half a million members

Cybersecurity expert says advancements in AI will increase cyber threats in 2024

Nearly a half-million members of Patelco Credit Union, with branches across the Bay Area and Northern California, lost access to banking services following a ransomware attack over the weekend.

UPDATE 7/2/24: Impact of Patelco Credit Union ransomware attack could last for weeks

The Dublin-based credit union announced on social media at 7 a.m. Saturday its services were unavailable, including online banking, mobile app, direct deposits, transfers, and debit and credit card transactions.

Patelco members received an email from President and CEO Erin Mendez Sunday afternoon about a "serious security incident," although the details about the incident were not initially disclosed.

The email said the credit union was working with cybersecurity experts to assess the situation and restore services. Mendez also said an estimated time of restoration was not available.

In an email Monday, a Patelco spokesperson clarified the security incident was a ransomware attack which required it "to proactively shut down some of our day-to-day banking systems in order to contain and remediate the issue."

An updated email from the credit union on Tuesday indicated the issues could prevent customers from accessing banking services for days or weeks.

Ransomware is a type of malicious software that prevents access to a computer system or network, accompanied by a demand for payment to regain access. Victims who pay the ransom have no guarantees the encrypted files will be unlocked, and the attacks often result in costly disruptions to operations and loss of critical data. 

A ransomware attack against the City of Oakland's computer network last year resulted in the release of personal information of thousands of current and former employees onto the so-called dark web.

The email said Patelco members could still access cash from ATMs and that its branches and call center were open and operating regular business hours, although with longer wait times. Patelco also said its employees would not be able to access individual account details during the outage.

"We have engaged a leading third-party cybersecurity forensic firm to help us to investigate and recover as soon as possible," the Patelco spokesperson said. "Please know that our team and third-party partners are working around the clock to get back up and running. We are committed to providing transparent and frequent updates to best of our ability as well as the best possible service that we can, given the disruption. We sincerely apologize for the inconvenience that this cyber attack has caused for our members. We truly appreciate your patience and support during this difficult time."

As of 3:30 p.m., electronic transactions such as transfers, direct deposit, balance inquiries, and online banking bill payments were unavailable, including the Zelle digital payment system. Debit and credit card transaction were "functioning in a limited capacity," the credit union said. In addition, both the website and mobile app were still not functioning. 

Cash withdrawals and deposits were available at Patelco ATMs and at 30,000 shared branch ATMs in the U.S., Patelco said.

The credit union said further communications about the ransomware attack incident, including updates on system functionality, will be posted to: patelco.org/securityupdate. As of 5 p.m. Monday, the website was not available.

The U.S. Cyber Threat Intelligence Integration Center says the number of ransomware attack claims worldwide in 2023 rose 74% compared with 2022. Meanwhile, ransomware affected 66% of organizations in 2023, according to a recent report.

Patelco is the 27th largest credit union in the country with $9.8 billion in assets and 455,000 members with more than 1 million accounts, according to data from the Federal Reserve. The non-profit credit union has 37 branches in the Bay Area and Sacramento area. It is one of the oldest credit unions in the U.S., begun in 1936 for employees of the former Pacific Telephone and Telegraph Company, now known as AT&T. 

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.