Patelco confirms thousands of customers hit in ransomware attack

News
By
published

New filing sheds more light on recent Patelco attack

ransomware avast
(Image credit: Avast)
Jump to:

The ransomware attack on Patelco Credit Union appears to have meant the company lost sensitive data on hundreds of thousands of customers.

The firm confirmed the news via a new filing submitted with the Maine Office of the Attorney General, stating 726,000 of its customers have had their data taken.

The stolen data included user’s full names, Social Security Numbers (SSN), driver’s license numbers, dates of birth, and email addresses, which is more than enough intel to mount identity theft, phishing, or wire fraud.

Names and SSNs

The American not-for-profit financial cooperative reported suffering a ransomware attack in May 2024 which forced it to shut down parts of its IT infrastructure to contain the incident. It took the company roughly two weeks to get back on its feet and resume operations.

At the time, it was unknown who the hackers were, or if they obtained any sensitive information from the company endpoints, as is the usual case in ransomware attacks.

Soon after, RansomHub, a group that spun out of the defunct ALPHV, claimed responsibility for the attack, and published all of the stolen data on its extortion portal.

As a credit union, Patelco offers many of the same financial services as a traditional bank, including savings accounts, checking accounts, loans, mortgages, credit cards, and investment services. However, unlike banks, credit unions like Patelco are member-owned and operated, meaning profits are returned to members in the form of lower fees, better interest rates, and dividends.

Patelco is one of the larger credit unions in the U.S., serving hundreds of thousands of members and managing billions of dollars in assets. According to BleepingComputer, its assets exceed $9 billion.

Patelco is offering two years of identity and credit monitoring services for free, through Experian, to minimize the damage.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.