DUBLIN – Half a million people on Monday were still locked out of their Patelco Credit Union accounts after a security breach on Saturday shut down banking operations with no clear solution in sight.
Patelco President and CEO Erin Mendez on Saturday sent a system-wide email telling customers of a “serious security breach” that required us to shut down some of our day-to-day banking systems so we could correct the problem and contain impact, including online banking, our mobile app and our call center.”
“We deeply apologize for the inconvenience and disappointment caused by this incident. Our branches, call center and chat will be on hand to help as much as possible during regular business hours on July 1,” the Dublin-based credit union’s website read on Monday . “We will answer your questions as best we can, but we are unable to provide specific account details at this time.”
Members of the credit union, which the company estimates at 500,000, were simultaneously locked out of their online accounts, preventing them from checking their statement balances, sending or receiving money or changing passwords.
Patelco said on their social media pages that customers could use “over 30,000 shared branch ATMs in the US” for cash withdrawals and deposits. But residents were unhappy with limited access to their money.
“It shouldn’t have taken your team 36 hours to respond with an official statement. Also – no mention of the security of our assets? Hilarious,” Michele Milz posted on X.
Patelco responded by saying that the company’s CEO “sent an email to all members with an update. While we may not have all the answers right now, your safety and peace of mind is our top priority. Please stay tuned for additional updates through social media.”
Julie Brusca, a San Jose resident, said she first noticed she couldn’t access her Patelco bank account starting around 7 a.m. Saturday morning. She kept trying to check her balances but got nothing. On Sunday, she said she went to a local Patelco ATM but was again unable to access her accounts. Then came the company-wide announcement from the bank’s CEO at 1:53 p.m., she said.
“They were crazy vague about what this was,” Brusca said in an interview with this newspaper.
Patelco did not immediately provide additional information about the severity or causes of the security breach as of early Monday afternoon. The credit union’s press office did not immediately return a request for comment Monday, nor did Mendez.
An updated statement came later Monday afternoon from the press office confirming the breach as a “ransomware attack.”
The statement also said the bank “engaged a leading third-party cyber security forensics firm to help us investigate and recover as quickly as possible” and they are working “around the clock” on the matter.
Brusca called the situation “really bad timing,” especially coming at the end of the month and just before a July 4 bank holiday. She was expecting a pension payment to be deposited into her account over the weekend and has no idea if the payment was returned or deposited.
“Is my money safe?” asked Brusca, a member since 1995. “If you have direct debit for your rent or something, you’re screwed.”
She added, “If they don’t fix this by the end of the week, their reputation is just going to go down because you can’t keep people out of their money for a whole week.”
Patelco, the third largest credit union in the Bay Area, has multiple branches throughout the South Bay, such as in San Jose, Campbell, Santa Clara, Sunnyvale and Milpitas. Other locations are in Fremont, Redwood City, Hayward, Castro Valley, San Leandro, San Mateo, Dublin, Livermore, San Bruno, Oakland, Berkeley, San Ramon and Danville.