Malware
Patelco Alerts 726,000 Clients: Ransomware Data Breach Exposes Sensitive Information
Patelco Credit Union has notified 726,000 customers of a ransomware data breach involving Accellion’s legacy FTA software. The hacked system contained personal information, including names, addresses, and Social Security numbers. Patelco is offering free credit monitoring services to affected customers and urges them to remain vigilant against potential fraud.
Recently, Patelco Credit Union, a not-for-profit financial organization with over $9 billion in assets, issued a warning to its customers about a data breach. This breach occurred during a RansomHub ransomware attack earlier this year, and the cybercriminal group claimed responsibility for the attack on August 15, 2024, when they published the stolen data on their extortion portal.
What Happened?
Patelco Credit Union offers various financial services, such as checking and savings accounts, loans, credit cards, insurance plans, and investments. In June of this year, the company disclosed that it had suffered a ransomware attack on June 29, 2024, which forced them to shut down their customer-facing banking systems to contain the damage and protect people’s data.
The system outage lasted for about two weeks while the organization worked to restore most of the functionality of its IT systems. At the time, Patelco had not determined if any data had been compromised in the attack. However, further investigation revealed that the threat actors had indeed stolen customer data.
What Data Was Compromised?
According to Patelco’s data breach notification, unauthorized access to the company’s network occurred on May 23, 2024, leading to access to the databases on June 29, 2024. The accessed databases contained customers’ personal information, which may include:
- Full name
- Social Security number (SSN)
- Driver’s license number
- Date of birth
- Email address
This information matches what RansomHub leaked on its extortion portal on the dark web, where the cybercriminals claim that they failed to reach an agreement with Patelco after two weeks of alleged negotiations.
How Many Customers Were Affected?
The incident impacted 726,000 Patelco customers, according to a listing on Maine’s Attorney General Office website.
What Steps Should Customers Take?
Patelco is providing instructions on enrolling in a complimentary two-year coverage of identity protection and credit monitoring services through Experian to the recipients of the data breach notices. The enrollment deadline was set to November 19, 2024.
Additionally, Patelco has placed a warning banner on its website’s homepage, advising members that its team will never contact them directly to request their card details, including their PIN, expiration date, or CVV code.
Customers should be aware of the increased risk of phishing, social engineering, and scams. It is crucial to remain vigilant against unsolicited communications and malicious attempts. By staying informed and taking necessary precautions, customers can protect themselves and their personal information.
Stay Informed and Stay Protected
As cybersecurity threats continue to evolve, it’s crucial to stay informed and take the necessary steps to protect yourself and your information. We encourage you to reach out to us for more information on how to stay safe in the ever-changing world of cybersecurity. Let’s work together to keep your data secure.