Patelco Slapped With $100K Fine For Ransomware Breach: Reports

DUBLIN, CA — Patelco, the Dublin-based credit union that shut down for weeks following a ransomware attack, agreed to a consent order that requires a $100,000 penalty and the establishment of a new cybersecurity program, according to reports.

The California Department of Financial Protection and Innovation ordered Patelco to designate a qualified individual to over its cybersecurity program, and hire an independent compliance consultant to support a new cybersecurity program.

“Following the cybersecurity incident we experienced in June 2024, we worked closely with the California Department of Financial Protection and Innovation (DFPI) to understand and address their questions and achieve a resolution,” Patelco President Erin Mendez said in a statement..

“As part of this resolution, we are implementing enhanced measures to further strengthen our cybersecurity program — many of which are already underway. These proactive steps underscore our unwavering commitment to transparency, protecting our members’ information and privacy, and continuously improving our systems to prevent future incidents. By investing in these improvements, we reaffirm our dedication to resilience and the trust our members and community places in us.”

Patelco is also facing numerous lawsuits that allege they did not take the necessary precautions to protect themselves from hackers. A consolidated lawsuit pending in Alameda County Civil Court alleges that the credit union failed to take "adequate and reasonable measures" to protect member information. It faces another lawsuit from members who allege that they discovered 26 fraudulent transactions on their account totaling more than $14,000, according to the Credit Union Times.

The credit union lost $39 million in the hack, which lasted from June 29 to July 16, according to the Credit Union Times. Membership also dropped by 9,000, according to reports filed with the National Credit Union Administration.