RansomHub Breach Leaves Over 1 Million Patelco Users Vulnerable

Patelco Credit Union, one of California’s largest credit unions, confirmed that a ransomware attack exposed the personal data of over 1 million individuals.

The sophisticated malicious campaign was discovered June 29, when the affected party took several core systems offline to mitigate damage. Patelco confirmed that the attackers breached their systems as early as May 23.

Perpetrators Exfiltrated Database Full of Highly Sensitive Customer Data

The prolonged access to Patelco’s systems allowed threat actors to exfiltrate a database with highly sensitive customer information, ultimately impacting more than a million people.

The database included names, Social Security Numbers (SSNs), birth dates, email addresses, and driver’s license numbers. Reportedly, compromised details varied for each individual.

Patelco’s initial report, when notifying the Maine Attorney General’s Office, counted 726,000 individuals impacted by the breach. However, a closer investigation revised the number to 1,009,472.

RansomHub Claims the Attack Against Patelco Credit Union

Although the credit union didn’t name the group responsible for the ruthless campaign against its systems, it emerged that the infamous RansomHub gang had orchestrated the attack.

By mid-August, the cybercrime syndicate had added Patelco to its Tor-based leak website, claiming that negotiations between the parties had broken down and announcing its intentions to auction the stolen data.

Additional Details Exfiltrated During the Attack, Threat Actors Claim

The perpetrators claimed that, in addition to compromised personal data confirmed by the credit union, they also exfiltrated details such as gender, phone numbers, addresses, credit ratings, and passwords.

Patelco has responded by offering affected customers two years of complimentary credit monitoring and identity protection to mitigate potential long-term damage to their financial and personal security.

Mitigating Data Breaches With Specialized Solutions

Unfortunately, even the most secure organizations can suffer data breaches, despite robust cybersecurity measures. As a customer, it is essential to take proactive measures to protect personal data.

Specialized solutions like Bitdefender’s Digital Identity Protection can add an extra layer of defense, helping monitor your personal data for leaks and breaches and alerting you to potential risks. It offers real-time protection by quickly identifying breaches and guiding you to minimize the impact on your digital footprint.