Minor restorations in online functions were made after a week of customer lockdowns at Patelco Credit Union.
The Dublin-based financial institution claimed it suffered a cyber-attack that targeted its systems and databases. By Friday, the company’s CEO Erin Mendez said Patelco’s half a million customers’ “money is safe and secure.”
However, patrons have still remained locked out of their accounts and unable to check balances. Many said they are still unable to access basic banking operations like direct deposits.
“We continue to work together with top cybersecurity professionals to investigate and return to full operations as quickly and safely as possible,” Mendez said in a news release. “While we do not have a definitive timeline for full functionality of our services, please know that we are bringing all resources to bear to respond to this incident and be assured that will keep you informed of our restoration progress.”
According to Mendez, as of Wednesday, cybersecurity experts " have validated and greenlighted our core systems.” She assured customers have access to certain functions like check writing, limited credit and debit transactions, any form of deposit, Venmo and PayPal, and electronic payments for bills.
Debbie Kristofferson, a Patelco customer, said despite having access to Venmo she still doesn’t have access to her account.
“We don't have access to our accounts,” she said. “We can use an atm, but we have no idea how much money is your account and when you fire up the app it says the system is down and has been for eight days.”
Kristofferson said the ordeal has added unneeded stress and she’s frustrated.
“Honestly the way they handled it, I’m not a member moving forward,” she said.
Get a weekly recap of the latest San Francisco Bay Area housing news. Sign up for NBC Bay Area’s Housing Deconstructed newsletter.
The company initially took to X to tell customers it was experiencing an outage on Saturday, June 29.
At the time Patelco advised its customers to access cash withdrawals and deposits at specific ATMs within the credit union’s Co-Op network. According to the company, there are over “30,000 shared branch ATMs in the US.”
Due to the incident, the credit union said it will reimburse its customers for late fees and overdraft charges.
Following the outage, a slew of lawsuits have come against Patelco alleging it failed to "properly secure and safeguard" protect members’ personal information from the ransomware attack.
One suit, which is aiming for class-action status, is looking for actual, nominal and consequential damages from Patelco.
"Once private information is stolen, particularly identification numbers, fraudulent use of that information and damage to victims may continue for years," the lawsuit states
The lawsuit was filed in U.S. District Court for Northern California. Others were filed in the Alameda County Superior Court.
The credit union currently has $9 billion in assets under management and is considered one of the oldest and largest in the state, according to the company.
It’s unclear when the company’s systems will be fully up and what impact the attack had on its AUM and customer data.
“Hackers, their main goal is to get information,” said Ahmed Banafa, a cyber security expert at San Jose State University. “This is going to do two things for them. Number one, they can sell it on the dark web if they can get information from the credit union. Number two, they can use this information to access other accounts connected to the credit union.”
Patelco hasn't said who is responsible for the attack or what demands the attackers made.
The attack came as customers prepared to pay first-of-the-month bills.
Banafa said customers need to be cautious going forward and monitor all activity.
“Monitor your credit to make sure there are no new accounts opened under your name,” he said.
