One of the largest credit unions on the West Coast continues to struggle with its operations following a ransomware attack that began on Saturday.
Patelco Credit Union - one of the nation's oldest credit unions with more than $9 billion in assets - confirmed that it was hit with ransomware in a statement on Monday.
In an update on Tuesday, the credit union told customers to expect intermittent outages at ATMs throughout the recovery process and pledged to reimburse those who incur late fees because of the outages.
Patelco has nearly 500,000 members and dozens of branches across California.
Customers said they were unable to take out more than $500 from ATMs and could not access their Patelco accounts online.
Hundreds of customers flooded Facebook to express confusion about the credit union's messages, questioning why some statements made in emails and on the websites appeared to be in conflict.
Currently, incoming transfers from Zelle, ACH and direct deposits as well as a scheduled Patelco account-to-Patelco account transfers or wire transfers will not be processed.
The credit union said it will write letters on customers' behalf if the late payments impact their credit score.
All overdraft and late payment fees for Patelco will be waived during the recovery process.
All deposits are also insured by the government-backed National Credit Union Administration.
The issues began on Saturday when the credit union first reported that its systems were unavailable.
Patelco did not specify what ransomware was behind the incident or whether the hackers had contacted the credit union.
Dozens of credit unions have been attacked in recent years by ransomware gangs and hackers because of their popularity among local populations and lack of focus on cybersecurity.
In 2024 alone, at least 11 credit unions reported data breaches to regulators - affecting millions of U.S. residents.
In December, more than 60 credit unions were impacted by a ransomware attack on a third-party tech provider that was so damaging the NCUA stepped in to help resolve the issue alongside several other federal agencies.
The NCUA warned last August that it was seeing an increase in cyberattacks against credit unions, credit union service organizations and other third-party vendors supplying financial services products.
The NCUA approved new rules last year that require a federally insured credit union to notify the agency within 72 hours of a cyberattack.
The rule came into effect on September 1 and after just one month, Chairman Todd Harper said the NCUA had already received 146 incident reports - a number the organization previously only saw in an entire year.
Cobalt Strike: International law enforcement operation tackles illegal uses of 'Swiss army knife' pentesting tool.
This Cyber News was published on therecord.media. Publication date: Wed, 03 Jul 2024 20:05:23 +0000