Cyber Incident Victim: Patelco Credit Union
Date:
Jun 2024
Location:
United States of America
Summary
Patelco Credit Union experienced a ransomware attack that disrupted its operations, prompting a partial shutdown of services while containment and recovery efforts commenced. The institution confirmed core systems as secure with member funds protected, though full restoration remains ongoing with 24/7 technical efforts. Members retain access to Venmo and PayPal transactions, and loan-related fees or penalties are waived during the outage. Regulatory authorities were notified, and operational branches and call centers remain available for support despite continued system limitations. The credit union's leadership acknowledged member frustrations and committed to resolving the incident while maintaining transparency through updates.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 29, 2024, Patelco Credit Union experienced a ransomware attack that disrupted its operational systems, prompting an immediate shutdown of certain day-to-day functions to contain the incident. The California Department of Financial Protection and Innovation (DFPI) confirmed the cyberattack and noted Patelco’s public communications via its website regarding service availability. While branch offices and call centers remained open to assist members, core banking systems were taken offline, limiting transaction capabilities. Initial impacts included restricted access to account services, though third-party payment platforms like Venmo and PayPal remained functional. Patelco assured members that loan payments would not incur penalties, fees, or negative reporting during the outage, acknowledging the disruption’s effect on routine financial activities. The credit union’s technology and cybersecurity teams initiated around-the-clock efforts to restore systems and conduct forensic investigations.
By July 3, Patelco’s cybersecurity specialists validated the security of core systems, confirming member funds were safe, though full operational restoration remained incomplete. CEO Erin Mendez stated systems would not resume normal functionality during the weekend following the attack, extending the recovery timeline. Forensic examinations of file systems continued alongside technical remediation work. Patelco expanded member support by opening its call center on July 4, 2024, from 8 AM to 5 PM PT despite standard branch closures for the holiday. Mendez publicly addressed member frustrations, emphasizing organizational transparency and commitment to resolving the incident. The DFPI advised consumers to verify financial service provider licensure or submit complaints through its official channels, reflecting regulatory oversight of the incident’s broader implications. No data compromise specifics or attacker origins were disclosed in available communications as recovery efforts progressed.