Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Patelco Credit Union Says Breach Impacts 726k After Ransomware Gang Auctions Data

Patelco Credit Union has confirmed a data breach impacting many individuals after the RansomHub ransomware group stole some databases. 

California-based Patelco Credit Union is informing customers and employees about a data breach after a ransomware group managed to steal databases containing personal information from its systems. 

Patelco is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. 

The organization revealed in a data breach notice on its website that it detected a ransomware attack involving unauthorized access to its databases on June 29. An investigation revealed that the hackers had access to its systems between May 23 and June 29.

Patelco has determined that the compromised information includes names, Social Security numbers, driver’s license numbers, dates of birth, and email addresses, but noted that not every data element was compromised for each individual.

Patelco’s website says it has over 450,000 members and it was initially presumed that they were all impacted by the breach. Attempts to initiate a class action against the company shortly after the incident came to light said roughly 500,000 people were impacted, likely based on the data from the credit union’s site. 

However, the organization has informed the Maine Attorney General’s Office that the incident actually impacted 726,000 customers and employees. Affected individuals are being offered two years of free identity protection services. 

California’s Department of Financial Protection and Innovation has also issued a consumer alert in response to the incident. 

Patelco was added to the RansomHub ransomware group’s website on August 16. The cybercriminals claimed to have conducted negotiations for two weeks, but could not reach an agreement with the financial organization so they are now auctioning the sensitive data they have stolen. 

Advertisement. Scroll to continue reading.

A sample made public by the hackers shows that the databases contained information such as name, postal address, phone number, email address, date of birth, gender, Social Security number, driver’s license number, password, and credit rating.

Related: Evolve Bank Data Breach Impacts 7.6 Million People

Related: European Banks Put to Test

Related: Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study

Related: 750k Impacted by Frontier Communications Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights