Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident’s impact.

Patelco is an American credit union with assets exceeding $9 billion. It offers a wide range of financial services, including checking and savings accounts, loans, credit cards, investment services, and insurance plans.

The California-based not-for-profit organization serves over 400,000 members through 37 branches in the Bay Area, Sacramento, and San Jose.

In a status update about service outages that started on June 29, 2024, Patelco said it experienced a ransomware attack that day.

“On June 29, 2024, Patelco Credit Union experienced a ransomware attack,” informed Patelco.

“Unfortunately, this incident has required us to proactively shut down some of our day-to-day banking systems in order to contain and remediate the issue.”

According to Patelco’s most recent status update on service availability, the following remain impacted:

  • Online banking, mobile app, and call center services are currently unavailable.
  • Electronic transactions such as transfers, direct deposits, balance inquiries, and payments are also unavailable.
  • Debit and credit card transactions are operational but in a limited capacity.

The organization says members can still perform cash withdrawals from ATMs (both Patelco’s and shared branch machines), which the remediation effort has not impacted.

Patelco engaged with third-party cybersecurity experts to investigate the incident and accelerate the recovery, but no date for return to normal operations has been given yet.

The company anticipates delays in customer service and apologizes in advance for the situation, kindly asking its members to be patient as its teams work round the clock to get everything back up and running.

At the time of writing, no ransomware groups have claimed responsibility for the attack at Patelco, so the perpetrators remain unknown.

Ransomware attacks typically also involve data theft to be used in the extortion phase, which could involve sensitive personal and financial information on hundreds of thousands of Patelco members.

The firm has not commented on the possibility of customer data exposure yet, presumably because the investigation is still in its early phase.

Out of an abundance of caution, Patelco clients should maintain elevated vigilance against unsolicited communications and messages requesting they share personal information and closely monitor account activity.