California financial watchdogs hit Patelco with $100,000 fine

Six months after Patelco Credit Union was hit with a ransomware attack, the California Department of Financial Protection and Innovation slapped the credit union with a $100,000 penalty and consent order over the cybersecurity breach.

The $9.8 billion-asset credit union based in Dublin, California, was hit with a ransomware attack in late June of last year, affecting its 500,000 members. Hackers were able to access personally identifiable information about a significant number of members, including birth dates, email addresses, Social Security numbers and driver's license numbers, according to a letter Patelco sent to affected customers that was later posted by the Maine Attorney General's Office.

"Last summer's cybersecurity breach at Patelco adversely affected hundreds of thousands of credit union members," said KC Mohseni, acting DFPI commissioner. "They were locked out of their accounts for weeks and their personal information was compromised. This Department is committed to holding accountable companies that do not adequately protect their customers' data."

The order instructs Patelco to bolster its cybersecurity to be in compliance with state and federal requirements. The credit union is additionally instructed to retain an independent compliance consultant and report cybersecurity updates to the DFPI. 

The June 29 attack caused many of the credit union's banking systems to be out of service from that date until July 15, according to the DFPI's consent order. Patelco customers, the order states, were unable to access checking and savings account data to verify balances and were unable to do any online banking. Patelco informed customers they could access $500 daily in in-branch and ATM withdrawals and were able to use debit and credit cards, as well as ACH transfers and wires, according to the consent order. The credit union waived fees and reimbursed members for any fees charged by third parties due to the outage.

Nearly two weeks later, members were still unable to do some functions, but most had been restored, according to Patelco. Multiple lawsuits were filed against Patelco for failing to secure customer information. At the time, these lawsuits alleged the credit union had not disclosed exactly what data had been stolen from which customers. 

In a statement, Erin Mendez, president and CEO of Patelco, said the credit union has been working closely with the California DFPI to address their questions and reach a resolution.

"As part of this resolution, we are implementing enhanced measures to further strengthen our cybersecurity program — many of which are already underway," Mendez said. "These proactive steps underscore our unwavering commitment to transparency, protecting our members' information and privacy, and continuously improving our systems to prevent future incidents. By investing in these improvements, we reaffirm our dedication to resilience and the trust our members and community places in us."

Update
This article has been revised to reflect additional information provided by Patelco Credit Union and other sources.
February 05, 2025 11:32 AM EST