Getty Images | Smith/Gado Collection
A California-based credit union with more than 450,000 members said it suffered a ransomware attack that is disrupting account services and could take weeks to recover.
“The coming days — and weeks — may present challenges for our members as we continue to navigate the limited functionality we’re experiencing due to this incident,” Patelco Credit Union CEO Erin Mendez told members in a message. of July 1 that said. the security problem was caused by a ransomware attack. Online banking and some other services are unavailable, while some services and other types of transactions have limited functionality.
Patelco Credit Union was hit by the attack on June 29 and has posted updates on its page, which says the credit union “proactively shut down some of our day-to-day banking systems to investigate and correct the issue… As a result of the measures Our proactive, transactions, transfers, payments and deposits are not available at this time.
Patelco Credit Union is a Northern California not-for-profit cooperative with $9 billion in assets and 37 local branches. “Our priority is the safe and secure restoration of our banking systems,” said a July 2 update. “We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also cooperated with regulators and law enforcement.”
“Everything is frozen”
Patelco member Enrique Juarez said he was having trouble accessing his Social Security payment, according to the Mercury News. “I’ve never had a problem before,” Juarez told the news organization. “Everything is frozen, I can’t even check the balance until this is resolved – and they don’t know [when that will happen].”
Patelco says check and cash deposits should work, but direct deposits have limited functionality.
Security expert Ahmed Banafa “said Tuesday that it appears hackers penetrated the bank’s internal databases through a phishing email and encrypted its contents, locking the bank out of its own systems,” the Mercury News reported. Banafa was paraphrased as saying that “it is likely that the hackers will demand an amount of money from the credit union to restore its systems to normal and will continue to hold the bank’s accounts hostage until the bank finds a way out of the hack or until hackers get paid”.
Change Healthcare, a healthcare payment processing company hit by ransomware this year, told lawmakers it paid a $22 million ransom in bitcoin. Change Owner Healthcare UnitedHealth failed to use multi-factor authentication on critical systems.
Patelco has not disclosed details of how it will recover from the ransomware attack, but acknowledged to customers that their personal information may be at risk. “The investigation into the nature and extent of the incident is ongoing,” the credit union said. “If the investigation determines that individuals’ information is involved as a result of this incident, we will certainly notify those individuals and provide resources to help protect their information in accordance with applicable laws.”
Patelco waives tariffs, warns of more disruptions
Patelco said it is waiving overdraft, late payment and ATM fees “until we get back up and running.” Members who need to access funds from direct deposits can do so by writing a check, using an ATM card to withdraw cash or making a purchase, Patelco said.
As of yesterday, members can expect to “experience brief, intermittent outages at Patelco ATMs,” the organization said. “This is normal and expected during our recovery process. Access to shared ATMs will not be interrupted as part of this process and they remain available for withdrawals and deposits.”
A graphic on the security update page says services that remain unavailable include online banking, the mobile app, outgoing bank transfers, monthly statements, Zelle, balance inquiries and online bill payments.
Patelco branches, call center services and live chat have “limited functionality,” as do debit card transactions, credit card transactions and direct deposits, according to the chart. Services listed as available include check and cash deposits, ATM withdrawals, ACH transfers, ACH for bill payments and in-branch loan payments.
