Bussiness
Half a million Patelco members locked out of credit union accounts due to security breach
DUBLIN — Half a million people on Monday were still locked out of their Patelco Credit Union accounts after a security breach on Saturday shut down bank operations with no clear resolution in sight.
Patelco’s President and CEO Erin Mendez on Saturday sent a systemwide email telling customers a “serious security “ breach “required us to shut down some of our day-to-day banking systems so that we can remediate the issue and contain the impact, including our online banking, our mobile App, and our call center.”
“We deeply apologize for the inconvenience and frustration caused by this incident. Our branches, call center and chat will be ready to assist as much as possible during regular business hours July 1,” the Dublin-based credit union’s website read Monday. “We’ll answer your questions as best we can, but we’re unable to provide specific account details at this time.”
Members of the credit union, which the company estimates at 500,000, were simultaneously locked out of their online accounts, barring them from checking their statement balances, sending or receiving money or changing passwords.
Patelco said on their social media pages that customers could access “over 30,000 shared branch ATMs in the U.S.” for cash withdrawal and deposits. But residents were unhappy with the limited access to their money.
“It shouldn’t have taken your team 36 hours to respond with an official statement. Also — no mention of the safety of our assets? Ridiculous,” Michele Milz posted on X.
Patelco responded saying the company CEO “sent an email to all members with an update. While we might not have all the answers now, your security and peace of mind is our top priority. Please stay tuned for additional updates via social media.”
Julie Brusca, a San Jose resident, said she first noticed she couldn’t access her Patelco bank account beginning about 7 a.m. Saturday morning. She continued to try checking her balances, but got nothing. On Sunday, she said she went to a local Patelco ATM but was again unable to access her accounts. Then came the company-wide notice from the bank’s CEO at 1:53 p.m., she said.
“They were maddeningly vague about what this was,” Brusca said in an interview with this newspaper.
Patelco did not immediately offer additional information about the severity or causes of the security breach by early afternoon Monday. The credit union’s press office did not immediately return a request for comment Monday, nor did Mendez.
An updated statement came later in the afternoon Monday from the press office confirming the breach as a “ransomware attack.”
The statement also said the bank “engaged a leading third-party cybersecurity forensic firm to help us to investigate and recover as soon as possible” and they are working “around the clock” on the issue.
Brusca called the situation “really bad timing,” especially it happening at the end of the month and just before a bank holiday on July 4th. She expected a retirement payment to drop into her account over the weekend and has no idea whether the payment bounced or got deposited.
“Is my money safe?” questioned Brusca, a member since 1995. “If you’ve got direct debit for your rent or something, you’re screwed.”
She added, “If they don’t fix this by the end of the week their reputation is just going to go down the tube because you can’t just keep people from their money for a whole week.”
Patelco, the third-largest credit union the Bay Area, has multiple branches throughout the South Bay, such as in San Jose, Campbell, Santa Clara, Sunnyvale and Milpitas. Other locations are in Fremont, Redwood City, Hayward, Castro Valley, San Leandro, San Mateo, Dublin, Livermore, San Bruno, Oakland, Berkeley, San Ramon and Danville.