Patelco CEO Says Ransomware Challenges May Last for Days or Weeks
Most of the credit union’s online banking system remains unavailable to members.
Erin Mendez, president/CEO of the $9.7 billion Patelco Credit Union in Dublin, Calif., said the ransomware attack that took down most of its banking systems on Saturday may last for days or weeks.
In an update that appeared Tuesday afternoon on the credit union’s dedicated website that posts information about the ransomware attack, Mendez wrote: “The next few days – and coming weeks – may present challenges for our members, as we continue to navigate around the limited functionality we are experiencing due to this incident.”
According to the dedicated website that went live on Monday night, the credit union’s online banking, Patelco’s app, direct deposit, online bill pay, outgoing wire transfers, balance inquiries, monthly statements and Zelle remain unavailable.
The dedicated website lists what banking services are available such as checks and cash deposits, ATM withdrawals, in-branch loan payments and certain ACH transactions. The site also lists the limited functionality of its debit and credit cards, live chat, call center and branches. Of note, according to Patelco’s website on Tuesday afternoon, the credit union’s ATMs were not functioning. “ATMs are currently down. We have no reason to believe this is related to the cybersecurity incident. We are investigating the issue and hope to restore access shortly,” the alert read.
In her update, Mendez also wrote that checks written on members’ accounts will be paid as usual but to expect a delay on debiting their account, while transactions initiated at other banks or credit unions (such as ACH transfers) will be processed as usual, but expect a delay on debiting and/or crediting accounts, and ACH debits initiated by billers will also be processed as usual.
The CEO also said that late fees incurred because of this incident will be reimbursed and any Patelco overdraft, late payment or ATM fees will be waived until the credit union’s systems are back up and running.
“If you have concerns about late payments impacting your credit score, we will write letters on your behalf,” Mendez wrote.
The dedicated site also listed Q&As on how the ransomware attack has affected balances, transfers, payments, accounts, loan applications, cards, ATMs, branches, calls and chats.
Based on social media comments, member reaction to the dedicated website has been both positive and negative. The seventh largest credit union in California serves 502,421 members, according to Patelco’s first quarter NCUA Call Report.
“Thank you for updating us Patelco Credit Union,” wrote one member on the credit union’s Facebook page. “I know your employees are working hard to resolve this issue.”
But another member wrote, “Going to lose a lot of customers.”
The credit union has not identified what type of ransomware attacked its systems. According to antivirus and security software firm Norton in Tempe, Ariz., the six common types of ransomwares this year include crypto-ransom, locker ransom, extortionware, doxware, scareware and wiper malware.
The credit union also did not say on its dedicated website whether this ransomware attack was reported to the FBI or other federal or state authorities that investigate or keep track of these incidents.
“Please know we have a talented, experienced team of experts working alongside our team to help us recover,” Mendez wrote. “Thank you again for your patience and we truly appreciate your understanding.”