View All R&D Articles

Sacramento Credit Union Announces Outage Due to Ransomware Attack

July 2, 2024

Patelco Credit Union, a Sacramento-based credit union with 37 local branches, has confirmed that its recent security breach occurred due to a ransomware attack. 

In an email sent to the members of the credit union, Patelco CEO Erin Mendez said that members would be reimbursed for late fees that occur as a result of the incident.

“If you have concerns about late payments impacting your credit score, we will write letters on your behalf,” Mendez wrote. “We will waive any Patelco overdraft, late payment or ATM fees until we are back up and running.” 

The incident impacted balance inquiries, direct deposits, Zelle transfers, and other transactions, limiting members’ access to their accounts. 

There was no evidence that the attackers were able to access members’ social security numbers or other personally identifiable information; generally, banks and credit unions maintain compliance with the Payment Card Industry Data Security Standard (PCI-DSS), and it’s unlikely that attackers were able to exfiltrate such data from compromised systems.

Ransomware remains a serious threat for U.S. financial institutions.

High-profile attacks from Cl0p, Lockbit, and other ransomware groups impacted thousands of organizations in 2023, and banking institutions were especially vulnerable: At least 60 banks and credit unions were victims of Cl0p’s MoveIt exploit, according to American Banker

Those types of incidents have driven up the cost of cybersecurity insurance, which can protect banks (and their members) during incidents. Even with insurance, the cost of an attack can outweigh material expenses. Severe attacks can diminish trust in banking operations, particularly for smaller institutions. 

Related: Lockbit Ransomware Group Announces Breach of U.S. Federal Reserve

Prevent ransomware attacks by preparing for the worst.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) notes that paying ransoms may be illegal (and as we’ve discussed in other articles, paying the ransom doesn’t guarantee data recovery). A better approach: Prevent attacks before they occur. 

The DOT provides a Ransomware Assessment Tool for banks and nonbanks, which addresses the most common (and preventable) factors that lead to serious attacks. By establishing strong controls, institutions can become less susceptible — and more capable of recovering quickly if and when an attack occurs.

To effectively guard against ransomware, organizations must prioritize the implementation of policy controls. Thoughtful user authorization practices, regular data backups, and thorough education on phishing and social engineering techniques are crucial to prevent ransomware from affecting key systems.

Expert Resources for Ransomware Investigation and Data Recovery provides expert services to aid banks, credit unions, and businesses in countering the effects of ransomware and recovering vital data.

From ransomware recovery to penetration (PEN) testing, disaster recovery deployment, and ransomware investigation, we’re dedicated to providing solutions supported by decades of experience. To learn more, submit a case online or call 1-800-237-4200 to speak with an expert.