HQ/EMEAFind out how we can help your business
Patelco Credit Union has distributed notification letters to its customers, warning them about a data breach that resulted in the stealing of personal information caused by the RansomHub ransomware attack earlier this year.
Despite the corporation not admitting who was behind the attack, the RansomHub ransomware group claimed responsibility on August 15, 2024, by publishing all of the stolen data on their extortion site.
Last month, the corporation announced that it experienced a ransomware attack on June 29, 2024, prompting it to lock down customer-facing financial systems to control the damage and secure people’s data.
The system outage lasted a few weeks, during which the business recovered most of its IT systems’ operation. However, when the attack was disclosed, the company had not decided whether data had been stolen, but an investigation discovered that the threat actors stole client details.
According to the data breach notification, an unauthorised entity acquired initial access to its network on May 23, 2024, which resulted in database access on June 29, 2024.
Patelco revealed the details of the data stolen during the data breach incident.
Following an inquiry and careful assessment of the malicious incident, Patelco confirmed earlier this month that the accessed databases contained personal information. The information exposed to hackers varies by individual and may include critical details, such as full names, Social Security Numbers, driver’s licence numbers, dates of birth, and email addresses.
This revelation is consistent with what RansomHub released on its extortion site, in which cybercriminals say they could not complete a transaction with Patelco after extensive claimed negotiations.
According to a report on the Maine Attorney General’s Office website, the problem affected more than 700,000 Patelco customers.
On the other hand, the company’s data breach notices will include instructions for enrolling in two-year identity protection and credit monitoring services. The enrollment deadline was set for November.
Patelco has also posted a warning on its website’s homepage, informing users that its team will never contact them personally to request card details like PINs, CVV codes, or expiration dates.
Therefore, potentially affected people should be careful of phishing and social engineering campaigns, as other threat actors could use the leaked database to execute other cybercriminal operations.
