Patelco Credit Union has informed authorities that the information of more than 1 million individuals was stolen in a ransomware attack this summer.
The incident was identified on June 29 and resulted in Patelco taking some of its day-to-day banking systems offline, the company said, explaining that it led to an outage affecting the union’s online banking services, mobile application, and call center.
The California-based member-owned, not-for-profit credit union said it determined that the attackers had access to its systems starting May 23 and that they stole a database containing personal information.
In late August, Patelco informed the Maine Attorney General’s Office that the personal information of 726,000 customers and employees was stolen during the attack.
Last week, the financial institution updated its filing with the Maine AGO to say that 1,009,472 people were affected.
Patelco told the impacted individuals that names, dates of birth, driver’s license numbers, Social Security numbers, and email addresses were part of the stolen data, although the compromised information differs by individual.
The credit union is providing the victims with two years of free credit monitoring and identity protection services and recommendations on how to protect their personal information.
While Patelco did not say which ransomware group was responsible for the attack, the RansomHub gang added the union to its Tor-based leak site in mid-August, noting that negotiations with the organization had failed and that it was auctioning the data allegedly stolen during the attack.
RansomHub claimed that, in addition to the information Patelco confirmed as compromised, the stolen data also included data such as gender, addresses, phone numbers, passwords, and credit ratings.
Related: Accounting Firm WMDDH Discloses Data Breach Impacting 127,000
Related: Data Breach at Golf Course Management Firm KemperSports Impacts 62,000
Related: Walgreens Discloses Data Breach Related to Mobile App