Patelco CU Members Grateful That Banking Systems Are Up and Running

Two weeks after ransomware hackers shut down its banking systems, the $9.7 billion Patelco Credit Union has restored “most functionality and the services most used” by its 502,421 members.

On Saturday, the Dublin, Calif.-based credit union posted a notice on its Security Incident Updates & Information website stating that members would be able to access its online and mobile banking systems on Monday.

“We have restored most functionality and the services most used by our members, Patelco President/CEO Erin Mendez wrote in an update. “We recognize that there is still progress to be made and while this may not look perfect, we are grateful to be able to support you with your banking needs again.”

Apparently, members couldn’t wait until Monday and posted hundreds of grateful messages on Patelco’s Facebook page that its online and mobile banking systems were up and running on Saturday.

“I’m happy to read this, thanks to all who worked so diligently on this,” one member wrote. “I have to say in my 45 years with Patelco, this is the first time I’ve ever had something like this happen. I knew my accounts were safe.”

“Thank you,” another member wrote. “I live in Nevada and depend on Mobile banking. This is great news. Good job Patelco.”

“Yup, everything works again — even here in Denmark,” a member wrote. “I’m grateful we have access restored.”

Some remarks from members showed they were not only thankful for the restoration of Patelco’s online banking and mobile app, but also grateful for the credit union’s branches.

“Yesterday I visited a branch for the first time and I have to say I was so impressed by the service I received by all the Patelco personnel,” a member wrote. “It couldn’t have been easy to deal with the huge influx of customers and yet it was done very courteously!! Kudos to all!!”

“Your staff in the branches is super,” another member wrote. “I like the little touches like having candy and water for members.”

Another member wrote, “Thank you so very much! Great job, and teller services were very personal. All’s forgiven.”

But a few members were not all that forgiving.

“Why are members thanking you for fixing a system that should never have failed/?” one member asked. “We don’t owe you a thank you. You owe the membership an apology.”

It should be noted that Patelco did apologize to members when the outage occurred on June 29.

Another member wrote that he was furious about the lack of clarity with bill pay checks, and apparent errors in his debit and credit card payments.

Although members now have access to their accounts, balances and the ability to move money via online banking, mobile app or in a branch, they will not have access to electronic statements, though they will have visibility into transaction history. Members can expect to receive printed month-end statements for June and July.

According to Patelco’s service updates, it is currently unable to open new accounts, approve new loans, provide credit card balance transfers or cash advances, or schedule appointments.

Patelco said it opened a new hotline number – 1-800-358-8228 (extension 3030) – specifically to help members work through any issues caused by this outage, such as fees, late payments or delayed transactions. The credit union also said it will be providing fee waivers, third-party reimbursements and late payment support.

Soon after cybercriminals shut down Patelco’s banking systems in June, members filed several class action lawsuits in federal and state courts.

The class action lawsuits claimed that this ransomware attack allegedly exposed and compromised the personally identifiable information (PII) of Patelco’s members – names, dates of birth, addresses, Social Security numbers and driver’s license numbers – and their account information, which may substantially increase members’ risk of fraud and identity theft.  The lawsuits also alleged that Patelco failed to follow appropriate protocols, policies and procedures regarding the encryption of data that compromised members’ private information.

Last week, Patelco declined to respond to a CU Times question as to whether members’ PII had been compromised during the ransomware attack.

On July 2, the credit union said in a Q&A there was no evidence that the ransomware attack affected or compromised mobile and online banking user IDs, passwords and account information. Nevertheless, it appeared that statement had been removed from the credit union’s dedicated website regarding the ransomware attack.

However, Patelco has updated its Q&As in regard to the ransomware attack and whether it has impacted members’ IDs, passwords and account information.

“We engaged a leading cybersecurity forensic firm to help us investigate the nature and scope of the incident. The investigation is ongoing and in its early stages,” Patelco said. “We’re committed to providing transparent and frequent updates as we learn more information. If we discover that your information was impacted as a result of this incident, we will notify you directly.”

The credit union also said before being brought back online, each of its systems were meticulously examined by third-party cybersecurity experts and bolstered with additional detection and intrusion prevention tools to ensure a secure environment. “Cybersecurity defense is a constantly moving target, particularly for financial services institutions, which are often targets for these kinds of attacks,” Patelco said. “We remain committed to making strategic investments in the advanced tools, teams and partners that help keep us safe.”