Patelco Credit Union restores most banking services; questions linger over personal information exposure
Banking services from Patelco Credit Union halted following a ransomware attack over two weeks ago have been mostly restored, the company said, though questions remain over customers' personal information.
The Dublin-based credit union said online banking, balance inquiries, check cashing, transactions using the Zelle digital payment network, and other services were restored Monday. The company had previously restored other banking functions such as debit/credit card transactions, electronic transfers, and PayPal and Venmo transactions.
The June 29 hacking of Patelco's network left about 450,000 customers without banking services or access to the account information. The credit union said it has been working with a third-party cybersecurity firm to bring its systems back online. As of Monday, there was still limited functionality at Patelco's call center and branches and for certificate accounts and wire transfers.
Electronic statements, new accounts and loans, along with credit card balance transfers, were among the services still unavailable.
"We have restored most functionality and the services most used by our members. We recognize that there is still progress to be made and while this may not look perfect, we are grateful to be able to support you with your banking needs again," Patelco CEO Erin Mendez said in an email to customers. "As this process proceeds, please understand that you may experience longer wait times at our branches and contact center, especially earlier in the week."
Patelco has not stated whether customers' personal information such as social security numbers and account numbers have been exposed in the data breach. The company has not responded to a CBS News Bay Area request for more information on the source of the attack or the extent of personal data exposed.
The company is being targeted in two class-action lawsuits by Patelco customers who allege it has not safeguarded customers' personal information.
A ransomware attack involves malware that prevents access to devices or networks, usually by encrypting files, and demanding ransom to decrypt them. If no ransom is paid, hackers may follow through on threats to expose personal information on the so-called dark web, such as what happened to City of Oakland employees last year.
Patelco, which has 37 branches in the Bay Area and the Sacramento area, had assured its customers that their money was "safe and secure" while the third party was working to restore services. The credit union is waiving most fees for July and August automatically and reimbursing many third-party fees related to late payments on other bills between June 29 and July 15.
The company's web page with security incident information and frequently asked questions has been updated to show the most current information available.