Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,176
- Points
- 113
One of the largest credit unions on the west coast of the United States, Patelco Credit Union, continues to struggle with the consequences of the ransomware attack that began on June 29.
Patelco Credit Union, one of the oldest credit unions in the United States with more than $ 9 billion in assets, confirmed the ransomware attack in a statement posted on its official website on July 1. The very next day, representatives of the company reported on the same page that customers may face periodic failures in the operation of ATMs and promised to reimburse any penalties for late payments due to these failures.
Electronic transactions such as transfers, direct deposits, balance requests, and payments have been unavailable for some time, and debit and credit card transactions are restricted.
Patelco serves nearly 500,000 customers and has many branches throughout California. In social networks, hundreds of the company's customers actively complain about the inability to withdraw more than $ 500 from ATMs and about problems accessing their online accounts.
People also express confusion about conflicting messages from the credit union. At the moment, incoming transfers via Zelle, ACH and direct deposits, as well as scheduled transfers and money transfers between Patelco accounts, are not processed, although the credit union has assured that all incoming direct deposits will be credited to customers ' accounts.
Customers can access their funds by writing a check, using an ATM card to withdraw cash or make purchases, which raises additional questions about how exactly customer funds are handled.
The credit union promised to write letters on behalf of customers if late payments affect their credit history, and cancel all overdraft and late payment fees during the recovery period.
"On June 29, 2024, Patelco Credit Union was attacked by ransomware. Our priority is the safe and reliable recovery of our banking systems. We work alongside leading third — party cybersecurity experts and collaborate with regulators and law enforcement agencies," said Erlene Mendez, CEO of Patelco Credit Union.
The attack began on Saturday, when the credit union first reported the unavailability of its systems. Patelco was forced to shut down some of its day-to-day banking systems on Sunday to deal with the incident and "limit its impact." Patelco did not say which ransomware was used or whether the hackers were in contact with the credit union.
The credit Union did not provide a public timetable for restoring the functionality of its services, but local news outlets reported that the company notified customers via email of possible difficulties in the coming days and weeks. In addition, in a July 3 update, the company announced that Patelco's core systems are now operational again.
In recent years, dozens of credit unions have been attacked by ransomware programs due to their popularity among the local population and insufficient attention to cybersecurity. In 2024 alone, at least 11 credit unions reported data breaches to regulators, affecting millions of U.S. residents.
And in December 2023, more than 60 credit unions were affected by a ransomware attack on a third-party technology provider, which led to the intervention of the National Credit Union Administration (NCUA) and other US federal agencies to resolve the situation.
In August last year, the NCUA warned of a growing number of cyberattacks on credit unions, credit union service organizations, and other third-party financial service providers.
New NCUA rules passed last year require federally insured credit unions to notify the agency within 72 hours of a cyberattack. NCUA has already received 146 reports of incidents since the regulations came into force on September 1, which is an annual average.
Dan Latimer, vice president of information security company Semperis, noted that hackers are increasingly targeting financial institutions because of the amount of confidential information they process on a daily basis. According to the International Monetary Fund, attacks on financial companies account for almost a fifth of all attacks, with banks being the most vulnerable segment.
Patelco Credit Union, one of the oldest credit unions in the United States with more than $ 9 billion in assets, confirmed the ransomware attack in a statement posted on its official website on July 1. The very next day, representatives of the company reported on the same page that customers may face periodic failures in the operation of ATMs and promised to reimburse any penalties for late payments due to these failures.
Electronic transactions such as transfers, direct deposits, balance requests, and payments have been unavailable for some time, and debit and credit card transactions are restricted.
Patelco serves nearly 500,000 customers and has many branches throughout California. In social networks, hundreds of the company's customers actively complain about the inability to withdraw more than $ 500 from ATMs and about problems accessing their online accounts.
People also express confusion about conflicting messages from the credit union. At the moment, incoming transfers via Zelle, ACH and direct deposits, as well as scheduled transfers and money transfers between Patelco accounts, are not processed, although the credit union has assured that all incoming direct deposits will be credited to customers ' accounts.
Customers can access their funds by writing a check, using an ATM card to withdraw cash or make purchases, which raises additional questions about how exactly customer funds are handled.
The credit union promised to write letters on behalf of customers if late payments affect their credit history, and cancel all overdraft and late payment fees during the recovery period.
"On June 29, 2024, Patelco Credit Union was attacked by ransomware. Our priority is the safe and reliable recovery of our banking systems. We work alongside leading third — party cybersecurity experts and collaborate with regulators and law enforcement agencies," said Erlene Mendez, CEO of Patelco Credit Union.
The attack began on Saturday, when the credit union first reported the unavailability of its systems. Patelco was forced to shut down some of its day-to-day banking systems on Sunday to deal with the incident and "limit its impact." Patelco did not say which ransomware was used or whether the hackers were in contact with the credit union.
The credit Union did not provide a public timetable for restoring the functionality of its services, but local news outlets reported that the company notified customers via email of possible difficulties in the coming days and weeks. In addition, in a July 3 update, the company announced that Patelco's core systems are now operational again.
In recent years, dozens of credit unions have been attacked by ransomware programs due to their popularity among the local population and insufficient attention to cybersecurity. In 2024 alone, at least 11 credit unions reported data breaches to regulators, affecting millions of U.S. residents.
And in December 2023, more than 60 credit unions were affected by a ransomware attack on a third-party technology provider, which led to the intervention of the National Credit Union Administration (NCUA) and other US federal agencies to resolve the situation.
In August last year, the NCUA warned of a growing number of cyberattacks on credit unions, credit union service organizations, and other third-party financial service providers.
New NCUA rules passed last year require federally insured credit unions to notify the agency within 72 hours of a cyberattack. NCUA has already received 146 reports of incidents since the regulations came into force on September 1, which is an annual average.
Dan Latimer, vice president of information security company Semperis, noted that hackers are increasingly targeting financial institutions because of the amount of confidential information they process on a daily basis. According to the International Monetary Fund, attacks on financial companies account for almost a fifth of all attacks, with banks being the most vulnerable segment.
