Patelco confirms thousands of customers affected by ransomware attack
The ransomware attack on Patelco Credit Union appears to have left the company losing sensitive data of hundreds of thousands of customers.
The company confirmed the news in a new document filed with the Maine Attorney General’s Office, which states that the data of 726,000 of its customers was stolen.
The stolen data includes users’ full names, Social Security numbers (SSN), driver’s license numbers, dates of birth, and email addresses. This is more than enough information to commit identity theft, phishing, or wire fraud.
Names and BSNs
The U.S. nonprofit financial cooperative reported a ransomware attack in May 2024, forcing it to shut down parts of its IT infrastructure to contain the incident. It took about two weeks for the company to get back on its feet and resume operations.
At the time, it was not known who the hackers were or whether they had obtained sensitive information from the company’s endpoints, as is common in ransomware attacks.
Shortly after, RansomHub, a group that spun off from the defunct ALPHV, claimed responsibility for the attack and published all of the stolen data on its extortion portal.
As a credit union, Patelco offers many of the same financial services as a traditional bank, including savings accounts, checking accounts, loans, mortgages, credit cards, and investment services. Unlike banks, however, credit unions like Patelco are owned and operated by their members, meaning that profits are returned to the members in the form of lower fees, better interest rates, and dividends.
Patelco is one of the larger credit unions in the U.S., serving hundreds of thousands of members and managing billions of dollars in assets. According to BleepingComputerits assets exceed $9 billion.
Patelco is offering two years of free identity and credit monitoring services through Experian to help limit the damage.
Via BleepingComputer
