Lucy Flores attempts to check her balance at a Patelco ATM on Kala Bagai Way in downtown Berkeley, Calif., on Monday, July 1, 2024. “It makes me nervous not to be able to see what’s coming through my account,” Flores said. (Jane Tyska/Bay Area News Group)
DUBLIN – Four days after a ransomware attack crippled its systems, Patelco Credit Union remained unable to tell its members when banking operations would return to normal.
The Dublin-based credit union has not released additional details about the security breach that has left members barred from electronic payments, deposits and transfers since last weekend.
Customers continued on Tuesday to wait in lines to use bank ATMs and remained forced to visit Patelco branches throughout the state to withdraw cash, though they are still unable to access their statement balances or any information regarding their online banking.
Enrique Juarez, one of the credit union’s estimated 500,000 members, visited the Story Road branch in San Jose to ask about his social security check, which bounced and is his only source of income since retiring in January. A banker told him to check with the federal agency, he said Tuesday.
“I’ve never had a problem before,” said Juarez, a San Jose resident and retired warehouse worker. “Everything’s frozen, I can’t even check my balance until this is resolved – and they don’t know” when that will happen.
Ahmed Banafa, a San Jose State University lecturer and expert in cybersecurity, said Tuesday that it looks likely that hackers infiltrated the bank’s internal databases via a “phishing email” and encrypted its contents, locking out the bank from its own systems.
“The hackers, what they do usually, they ask for cryptocurrency, they ask for payment. That’s why it’s called ransomware,” Banafa said.
Patelco is estimated to manage more than $9 billion in assets across 37 branches statewide. It is unclear how many of the bank’s half a million accounts have been compromised and to what extent the bank’s assets have been affected.
Banafa called Patelco a “soft target” for hackers, or a target with low security such as schools and hospitals, compared to other higher-profile companies with more sophisticated cybersecurity protections such as federal government databases. It is possible the hackers are targeting either personal information of bank customers or money directly from the credit union, he said.
“This kind of information, hackers can take this information and sell it on the dark web and they can use it,” Banafa said, referring to illegal online servers selling contraband and other illegal services.
He said likely the hackers will demand an amount of money from the credit union to restore its systems back to normal, and will continue to hold the bank’s accounts hostage until either the bank finds a way around the hack or until the hackers are paid. He said payment is usually demanded in crypto currencies, such as BitCoin, and often transferred to an offshore account outside of the U.S.
After Patelco waited more than 24 hours to release an update regarding the initial attack on Saturday, Banafa said “it was clear they are struggling.”
Patelco created a dedicated website Monday to update customers on the security breach, with another message from CEO Erin Mendez. Mendez wrote that they continue working with “third party cybersecurity experts” to restore Patelco functions, and that they have been cooperating with law enforcement authorities.
“To our valued members – please know that if you incur a late payment fee because of this outage, rest assured we will reimburse you for those fees. If any of our members have concerns about late payments impacting their credit score, we will write letters on your behalf. We will also waive any Patelco overdraft, late payment or ATM fees until we are back up and running,” Mendez wrote.
And she added that “we sincerely apologize for the inconvenience our members have experienced and look forward to providing more updates in the coming days and weeks.”
Banafa said the fact whoever executed this attack chose the beginning of a new month and an upcoming bank holiday to strike was quite intentional, too.
“The timing is very bad for the users and actually well planned timing for the hackers,” Banafa said. “The layers of trouble are magnified by the timing…The people who planned this planned it when there was a lot of money.”
It left many customers scrambling to figure out how to pay rent, their mortgage and other bills.
“I don’t feel comfortable using my card, even though I can,” said Lakeisha Thomas of downtown San Jose, who added that her bills are stacking up and she’s afraid her account will overdraft because she doesn’t know how much is in her account right now. “I don’t want to owe later.”
Jermaine Johnson, a Mountain View resident, said in an interview that he is likely going to move his savings account to another bank after first hearing Tuesday about the four-day old debacle.
“It’s scary first of all,” Johnson said. “If I didn’t have the low amount of money that was in there I would be even more terrified of it. But it’s terrifying because you put your finances in a place that you think is going to be secure, and it turns out that it’s not secure.”
