Patelco Credit Union Data Breach Affects Over 1 Million Individuals

Published
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor
Patelco Credit Union customers gather outside its downtown Berkeley branch | Credit: Ximena Natera, Berkeleyside/CatchLight

Patelco Credit Union disclosed that a data breach had impacted 1,009,472 individuals following a ransomware attack earlier this summer, as per a recent filing with the Maine AGO. Initially, the American not-for-profit credit union initially sent breach notifications to 726,000 customers and employees.

The compromised data includes names, dates of birth, driver's license numbers, Social Security numbers, and email addresses, though not every data type was stolen from each individual.

The breach was identified on June 29, prompting Patelco to temporarily disable certain day-to-day banking systems. This decision impacted their online banking services, mobile applications, and call center operations. 

The attack was initially traced back to May 23, when attackers gained unauthorized access to Patelco's systems and extracted a database containing sensitive personal information.

While Patelco has not publicly confirmed the group responsible, the RansomHub gang has claimed involvement, listing the credit union on its Tor-based leak site. The group alleges negotiations with Patelco failed, leading them to auction the stolen data, which allegedly also includes genders, addresses, phone numbers, passwords, and credit ratings.

In response to the breach, Patelco is offering two years of complimentary credit monitoring and identity protection services to those affected. They have also provided guidance on protecting personal information in the wake of the compromise.

The RansomHub ransomware-as-a-service (RaaS) has been active since February and is known to overlap with other ransomware groups, such as ALPHV (BlackCat) and Knight Ransomware. The cybercriminal gang has already targeted over 200 organizations in just six months.

Recently, the public Delaware Libraries were hit by a RansomHub ransomware affiliate and extorted for $1 million. RansomHub released 487 gigabytes of data allegedly exfiltrated from Kawasaki Motors Europe (KME) in early September, which the company called an “unsuccessful” cyberattack. 

The group also exploited Kaspersky's TDSSKiller, traditionally used for identifying rootkits and bootkits, to disable endpoint detection and response (EDR) software and compromise target systems more efficiently.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: