Data Breaches

Patelco Credit Union Says Breach Impacts 726k After Ransomware Gang Auctions Data

Patelco Credit Union has confirmed a data breach impacting many individuals after the RansomHub ransomware group stole some databases. 

Patelco Credit Union has confirmed a data breach impacting many individuals after the RansomHub ransomware group stole some databases. 

California-based Patelco Credit Union is informing customers and employees about a data breach after a ransomware group managed to steal databases containing personal information from its systems. 

Patelco is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. 

The organization revealed in a data breach notice on its website that it detected a ransomware attack involving unauthorized access to its databases on June 29. An investigation revealed that the hackers had access to its systems between May 23 and June 29.

Patelco has determined that the compromised information includes names, Social Security numbers, driver’s license numbers, dates of birth, and email addresses, but noted that not every data element was compromised for each individual.

Patelco’s website says it has over 450,000 members and it was initially presumed that they were all impacted by the breach. Attempts to initiate a class action against the company shortly after the incident came to light said roughly 500,000 people were impacted, likely based on the data from the credit union’s site. 

However, the organization has informed the Maine Attorney General’s Office that the incident actually impacted 726,000 customers and employees. Affected individuals are being offered two years of free identity protection services. 

Advertisement. Scroll to continue reading.

California’s Department of Financial Protection and Innovation has also issued a consumer alert in response to the incident. 

Patelco was added to the RansomHub ransomware group’s website on August 16. The cybercriminals claimed to have conducted negotiations for two weeks, but could not reach an agreement with the financial organization so they are now auctioning the sensitive data they have stolen. 

A sample made public by the hackers shows that the databases contained information such as name, postal address, phone number, email address, date of birth, gender, Social Security number, driver’s license number, password, and credit rating.

Related: Evolve Bank Data Breach Impacts 7.6 Million People

Related: European Banks Put to Test

Related: Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study

Related: 750k Impacted by Frontier Communications Data Breach

Related Content

Artificial Intelligence

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Cybercrime

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100...

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Data Breaches

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization.

Data Breaches

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version