American not-for-profit credit union Patelco was hit by a ransomware attack that started on May 23 and culminated on June 29, exposing the sensitive information of 726,000 customers, according to a Maine's Attorney General Office listing.Â
As a precaution during the investigation, the union disabled the functionality of online banking, the mobile app, online bill pay, balance inquiries, monthly statements, and outgoing wire and Zelle transfers. Systems were gradually restored over two weeks, bringing most IT operations back online.
The company confirmed that the compromised databases contained sensitive customer information such as full names, Social Security numbers, driver's license numbers, dates of birth, and email addresses.
Patelco offers 24 months of identity theft protection services via Experian for all the impacted individuals who enroll in the program by the end of November.Â
The breach was attributed to the RansomHub ransomware group and leaked on the group's extortion portal on August 15 after the ransom payment negotiations allegedly failed. RansomHub is a ransomware-as-a-service (RaaS) payload whose code overlaps with that of other ransomware groups, such as ALPHV (BlackCat) and Knight Ransomware.
Ransomware attacks are the topic of daily news, targeting various sectors, including healthcare companies like revenue and payment cycle management provider Change Healthcare, specialty radiology practice Consulting Radiologists Ltd, and more.
Other notable security incidents include the HealthEquity 2024 data breach that occurred via a third party that had access to HealthEquity’s SharePoint data and affected 4.3 million individuals.
Recently, T-Mobile failed to implement adequate security measures and report security breaches in due time, according to the Committee on Foreign Investment in the U.S., which issued a $60 million fine. Other of the mobile communications giant’s data breaches have exposed millions of customers’ private data in the past six years.