Patelco Credit Union Notifies 726,000 Customers of Data Breach Following Ransomware Attack

• Patelco Credit Union published a data breach notification that revealed 726,000 customers’ data was exposed.
• The RansomHub ransomware Patelco cyberattack led to the gang leaking the stolen data on its extortion portal.
• Leaked information includes full names, emails, Social Security numbers, driver's license numbers, and more.

American not-for-profit credit union Patelco was hit by a ransomware attack that started on May 23 and culminated on June 29, exposing the sensitive information of 726,000 customers, according to a Maine's Attorney General Office listing. 

As a precaution during the investigation, the union disabled the functionality of online banking, the mobile app, online bill pay, balance inquiries, monthly statements, and outgoing wire and Zelle transfers. Systems were gradually restored over two weeks, bringing most IT operations back online.

The company confirmed that the compromised databases contained sensitive customer information such as full names, Social Security numbers, driver's license numbers, dates of birth, and email addresses.

Patelco offers 24 months of identity theft protection services via Experian for all the impacted individuals who enroll in the program by the end of November. 

The breach was attributed to the RansomHub ransomware group and leaked on the group's extortion portal on August 15 after the ransom payment negotiations allegedly failed. RansomHub is a ransomware-as-a-service (RaaS) payload whose code overlaps with that of other ransomware groups, such as ALPHV (BlackCat) and Knight Ransomware.

Ransomware attacks are the topic of daily news, targeting various sectors, including healthcare companies like revenue and payment cycle management provider Change Healthcare, specialty radiology practice Consulting Radiologists Ltd, and more.

Other notable security incidents include the HealthEquity 2024 data breach that occurred via a third party that had access to HealthEquity’s SharePoint data and affected 4.3 million individuals.

Recently, T-Mobile failed to implement adequate security measures and report security breaches in due time, according to the Committee on Foreign Investment in the U.S., which issued a $60 million fine. Other of the mobile communications giant’s data breaches have exposed millions of customers’ private data in the past six years.