Patelco Credit Union has confirmed a data breach impacting many individuals after the RansomHub ransomware group stole some databases.
California-based Patelco Credit Union is informing customers and employees about a data breach after a ransomware group managed to steal databases containing personal information from its systems.
Patelco is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area.
The organization revealed in a data breach notice on its website that it detected a ransomware attack involving unauthorized access to its databases on June 29. An investigation revealed that the hackers had access to its systems between May 23 and June 29.
Patelco has determined that the compromised information includes names, Social Security numbers, driver’s license numbers, dates of birth, and email addresses, but noted that not every data element was compromised for each individual.
Patelco’s website says it has over 450,000 members and it was initially presumed that they were all impacted by the breach. Attempts to initiate a class action against the company shortly after the incident came to light said roughly 500,000 people were impacted, likely based on the data from the credit union’s site.
However, the organization has informed the Maine Attorney General’s Office that the incident actually impacted 726,000 customers and employees. Affected individuals are being offered two years of free identity protection services.
California’s Department of Financial Protection and Innovation has also issued a consumer alert in response to the incident.
Patelco was added to the RansomHub ransomware group’s website on August 16. The cybercriminals claimed to have conducted negotiations for two weeks, but could not reach an agreement with the financial organization so they are now auctioning the sensitive data they have stolen.
A sample made public by the hackers shows that the databases contained information such as name, postal address, phone number, email address, date of birth, gender, Social Security number, driver’s license number, password, and credit rating.