At the end of last week, Patelco Credit Union issued an updated data breach notification on the Maine AG website. In this revised notice, it increased the number of people affected from 726,000 to 1,009,472. This follows a ransomware attack via RansomHub in June 2024.
This makes this ransomware attack the eighth largest this year so far based on records affected. And the fourth largest on the finance industry.
No other changes were noted in the updated breach notification with the data impacted remaining the same: first and last name with Social Security number, Driver’s License number, date of birth, and/or email address. Not every data element was present for every individual.
Those affected are being offered free access to Experian’s identity theft protection services for 24 months.
Ransomware attacks on the finance industry
So far this year, we’ve noted 52 ransomware attacks on the finance sector around the world. These have impacted 28,490,503 records in total. As well as this attack on Patelco Credit Union, there have also been large attacks on LoanDepot (16.9 million affected), Evolve Bank & Trust (7.6 million affected), and Prudential Insurance Company of America (2.6 million affected).
As our recent report found, ransomware attacks on this sector can have a huge impact–both on the number of people affected and the cost of recovering from such attacks. Our in-depth analysis found that financial organizations are hit with an average ransom demand of $4.2 million.
As an industry with some of the most sensitive data, financial companies remain a key target for hackers. This is demonstrated in the fact that more records have been breached via attacks this year than throughout all of 2023 (28.5 million compared to 24.9 million).
Other recently confirmed attacks on this sector include Quálitas Compañía de Seguros, S.A.B. de C.V. (Mexico), JG Summit Holdings, Inc. (the Philippines), Hug-Witschi AG (Switzerland), and Bank Rakyat (Malaysia).
Who is RansomHub?
RansomHub is a new ransomware group thought to have ties with Russia and to be linked with the now-defunct group, Knight. It posted its first victim in February 2024 and since then we have tracked 293 attacks via this group. 248 of these attacks remain unconfirmed with 45 being confirmed.
In the case of Patelco Credit Union, RansomHub employed a double-extortion technique by both encrypting banking systems and stealing data. Both have caused widespread disruption with customers being unable to access banking services or account information for nearly two weeks and over a million now being caught up in the data breach.
About Patelco Credit Union
Patelco Credit Union is a bank serving the San Francisco Bay Area in Northern California. It operates 37 branches and employs 750 people. It is the 22nd-largest credit union in the world with more than $9 billion in assets and 450,000 members.
Source link