Pierluigi Paganini September 30, 2024

The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company.

Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the country. With more than $9 billion in assets, it is the 22nd-largest credit union in the country.

At the end of June, the American credit union Patelco Credit Union shut down several of its banking systems to contain a ransomware attack.

The credit union investigated the security breach and discovered that threat actors first gained access to its systems on May 23, 2024, and exfiltrated a database containing personal information.

The company initially reported to the Maine Attorney General’s Office that the security breach impacted 726,000 customers and employees. The company offered impacted individuals two years of free identity protection services. 

Patelco Credit Union now provides an update on the incident and discloses that the data breach impacted 1,009,472 people following the July ransomware attack.

“Following the investigation and a thorough review of the data involved, we confirmed on August 14, 2024, that the accessed databases contained your personal information. Although the investigation identified unauthorized access to some of our databases, the specific data that was accessed has not been determined.” reads the data breach notice sent to the impacted individuals. “Accordingly, we are notifying individuals whose information was in those databases. The information in the accessed databases included first and last name with Social Security number, Driver’s License number, date of birth, and/or email address. Not every data element was present for every individual.”

Patelco did not reveal the ransomware group that breached its systems, however the RansomHub group added Patelco Credit Union to its Tor leak site in August.

“We conducted negotiations for up to 2 weeks, and unfortunately we were unable to reach an agreement.
The company’s management doesn’t care about the privacy of customers at all. We auction the sensitive data extracted from their network,We will update the data sample in the next few days” wrote the ransomware gang on its leak site.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, ransomware)