Patelco CU notifies 726K people of data breach that compromised SSNs, disrupted bank services
Patelco Credit Union last week confirmed it notified 726,000 people of a May 2024 data breach that compromised names, Social Security numbers, driver’s license numbers, dates of birth, and email addresses.
Ransoware group RansomHub claimed responsibility for the attack that disrupted Patelco’s online banking and appointment scheduling systems.
The notice sent to victims states, “The investigation revealed that an unauthorized party gained access to our network on May 23, 2024, leading to access to the databases on June 29, 2024.”
Patelco has not verified RansomHub’s claim. We do not yet know whether Patelco paid a ransom, how much RansomHub demanded, or how attackers breached Patelco’s systems. Comparitech contacted Patelco for comment and will update this article if it responds.
A June 30 update on Patelco’s website said the attack “required us to shut down some of our day-to-day banking systems so that we can remediate the issue an contain the impact including online banking, our Mobile App, and our call center. Currently, electronic transactions such as transfers (including Zelle), direct deposit, balance inquiries, and payments are unavailable. Debit and credit card transactions function in a limited capacity.”
Most of those services have since been restored. Patelco says many fees are being reimbursed or waived for the months of July and August.
Patelco is offering eligible victims two years of free identity theft protection via Experian. The deadline to enroll is November 19, 2024.
Who is RansomHub?
RansomHub employs a ransomware-as-a-service model and has been linked to the now-defunct ransomware group, Knight. RansomHub has grown in notoriety in recent months, being behind some of the biggest ransomware attacks this year so far. This includes its attack on Rite Aid, the auction house Christie’s, the Florida Department of Health, and Frontier Communications.
RansomHub claimed 29 confirmed ransomware attack so far in 2024, affecting more than 3.7 million records. We recorded another 163 unconfirmed attacks claimed by the group.
Ransomware attacks on US finance
Comparitech researchers logged 24 confirmed ransomware attacks on US financial institutions so far in 2024, affecting 28.2 million records. This attack on Patelco Credit Union is the fourth largest by number of records affected behind LoanDepot (16.9 million) Evolve Bank and Trust (7.6 million), and Prudential Insurance (2.6 million).
The total number of records affected in ransomware attacks on US financial institutions in 2023 was 10,789,522 across 56 attacks. 2024 looks set to surpass that figure.
The average ransom for all these attacks is $1.23 million.
Another 80 ransomware attacks on US finance have been claimed but not confirmed.
About Patelco Credit Union
Patelco Credit Union is a bank serving the San Francisco Bay Area in Northern California. It operates 37 branches and employs 750 people. It is the 22nd-largest credit union in the world with more than $9 billion in assets and 450,000 members.
Source link