Patelco Credit Union issued with consent order and $100,000 fine by California’s DFPI
The California Department of Financial Protection and Innovation (DFPI) has issued a consent order, including a $100,000 fine, to San Francisco-based Patelco Credit Union over alleged “cybersecurity violations”.
Patelco issued with consent order and $100,000 fine by California’s DFPI
The California DFPI says the consent order follows an investigation prompted by a ransomware attack which “caused essential computer functions at Patelco to shut down from June 29, 2024, to July 15, 2024, and disrupted services to Patelco’s members, including the inability to conduct any online banking functions”.
“At that time, ransomware attackers were also able to access a significant number of members’ personally identifiable information (PII),” the regulator alleges.
The consent order says that Patelco had around 500,000 members at the time of the ransomware attack.
“Last summer’s cybersecurity breach at Patelco adversely affected hundreds of thousands of credit union members,” comments KC Mohseni, acting commissioner of the California DFPI.
Mohseni continues: “They were locked out of their accounts for weeks and their personal information was compromised. This Department is committed to holding accountable companies that do not adequately protect their customers’ data.”
The California DFPI says that the consent order “directs Patelco to correct failures in their cybersecurity programs to comply with state and federal cybersecurity requirements”.
“The company is also ordered to retain an independent compliance consultant to oversee remediation, report to the DFPI on the company’s cybersecurity programs, and pay a penalty of $100,000,” the regulator states.
In a statement sent to FinTech Futures, Erin Mendez, president and CEO of Patelco, says: “Following the cybersecurity incident we experienced in June 2024, we worked closely with the California DFPI to understand and address their questions and achieve a resolution.
“As part of this resolution, we are implementing enhanced measures to further strengthen our cybersecurity program—many of which are already underway.
“These proactive steps underscore our unwavering commitment to transparency, protecting our members’ information and privacy, and continuously improving our systems to prevent future incidents.
“By investing in these improvements, we reaffirm our dedication to resilience and the trust our members and community places in us.”
Founded in 1936 and with $9 billion in assets, Patelco is currently one of the oldest and largest credit unions in the US.
