A cyberattack on one of the largest credit unions in the country Patelco resulted in over 450,000 customers getting locked out of many of its services since Saturday.
On June 29, Patelco announced that their systems were unavailable and that the company was working to resolve the outage. On July 1, the credit union attributed the outage to a ransomware attack. “Unfortunately, this incident has required us to proactively shut down some of our day-to-day banking systems in order to contain and remediate the issue,” Patelco said. “We have engaged a leading third-party cybersecurity forensic firm to help us to investigate and recover as soon as possible.”
Patelco, headquartered in Dublin, California, has 36 branches in the country and manages $9 billion in assets.
Ransomware is a type of cyberattack in which malware is used to lock out a victim’s sensitive data or devices, which is only reversed when the victim pays a ransom. The credit union said that members can still access cash through ATMs. Services like check and cash deposits, ATM withdrawals, and in-branch loan payments are available.
Call center operations, live chats, and debit/credit card transactions now have limited functionality. Services like online banking, mobile apps, outgoing wire transfers, direct deposits, and online bill payments continue to remain unavailable. “We anticipate longer than normal wait times,” the firm said.
Regarding the safety of customer data, Patelco said they have “no evidence that mobile and online banking User IDs and passwords are affected by this security incident.” In addition, “we have no evidence that account information was compromised at this time.”
In case customers face a late fee at Patelco connected to the security incident, the credit union promised to take care of the situation once systems are restored.
Every Patelco member is automatically insured by the National Credit Union Administration (NCUA). The organization’s insurance fund insures up to $250,000 per individual account.
Dealing With Outages
According to the U.S. Consumer Financial Protection Bureau (CFPB), if a bank or credit union outage affects credit/debit cards, the account holder should try other means of accessing their funds, like a check or withdrawing the amount in person.In case the account holder was charged fees for any withdrawal, deposits, or other transactions because of the steps they had to take during the outage, the customer has the right to ask the bank to reverse these charges.
“You can ask them to credit your account for late fees, overdraft fees, or insufficient funds fees the outage caused,” the agency said.
People should also watch out for fraud. During outages, “thieves sometimes try to contact you with email, phone calls, social media messages, or text messages that seem like they’re coming from an official source.”
The CFPB asked people to only contact their bank/credit union as shown in the official statement or other document from the institution.
Patelco’s ransomware attack is one among the many that have been targeting major institutions worldwide.
According to a February report from blockchain analysis firm Chainalysis, 2023 was a “watershed year” for ransomware crimes.
The year saw “record-breaking payments and a substantial increase in the scope and complexity of attacks—a significant reversal from the decline observed in 2022.”
In 2021, ransomware attackers had collected $983 million from their victims. This fell to $567 million in 2022. But in 2023, the figure almost doubled to $1.1 billion. This was the “highest number ever observed.”
