Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.

    Support MFO

  • Donate through PayPal

Ransomware attack on Patelco Credit Union

edited August 20 in Other Investing
Just as we were extolling the services of credit unions, I received an email today informing me (see the quoted text below) that my information was compromised. I closed the account a couple of years ago and that was the last of the small financial institution relationship I had.

"What Information Was Involved?

The information in the accessed databases included first and last name with Social Security number, Driver’s License number, date of birth, and/or email address. Not every data element was present for every individual."

That is an extensive breach which makes me think their data segregation was not proper.

"[W]e contained the threat by proactively disabling all unauthorized access to our network, restoring all data, and immediately commencing a prompt and thorough investigation. We also notified law enforcement. As part of our investigation, we worked very closely with external cybersecurity professionals experienced in handling these types of incidents. The investigation revealed that an unauthorized party gained access to our network on May 23, 2024, leading to access to the databases on June 29, 2024. Following the investigation and a thorough review of the data involved, we confirmed on August 14, 2024, that the accessed databases contained your personal information."

Patelco does not say if they paid the attackers but they say they restored all the data. I think in most cases the Ransomware attackers delete the information accessed if they are paid. How can I find out if they paid the Ransomware attackers?

"What You Can Do

To help protect your information, we are offering a complimentary two-year membership of Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft."

I already have credit frozen at all three credit unions (Experian calls it "security freeze"). Experian had said that they send you an alert every time someone tries to access your credit file. I recently opened a B0A account and evidently BoA checks your credit file but I have not received any alert.

Does anyone have experience with "Experian IdentityWorksSM Credit 3B"? Any negatives in signing up for this service?

Thanks.

Comments

  • No, not that particular one. I was at a physical rehab hosp 3 years ago. Scumbag criminal pig hackers breached the files. I was offered ONE year protection with IDX out of Portland. There have not been any Alerts. Hackers: The slimiest of criminal creatures. I'll stop here before it gets obscene. I'd say it's definitely worth signing-up for the protection.
  • edited August 21
    A local library system was impacted by a ransomware attack which occurred Memorial Day weekend.
    I loathe the cybercriminals who do this!
    https://shelftalkblog.wordpress.com/statement/
  • Hating the cyber criminals is not going to do us mortals any good. Many times there are state actors involved and I am pretty sure the US government returns the favor in kind. But when the victim is a credit union and its members, the US government is not going to sweat.

    We have to work with the world as is.
  • edited August 21
    Patelco CU has been in the news for a while - check X/Twitter.

    There have been previous posts on data breaches - MOVEit data transfer, Inforsys/MacCamish, etc.

    A typical deal offered is 2-3 years of credit monitoring by one of the credit agencies or 3rd parties like Kroll.

    The biggest breach of all may be the NPD - National Public Data breach that will affect almost everybody. NPD is a national database used for background checks & fraud prevention and it most likely has your data too.
  • Everyone these days should lock their credit records at (at least) the Big 5 companies, set alerts for big (or suspicious) purchases if they can, and check their statements/registers for oddities.

    As much as I hate having too many accounts open, it's good to have multiple credit cards and bank accounts just in case one of them gets hit by something bad.
  • The biggest breach of all may be the NPD - National Public Data breach that will affect almost everybody. NPD is a national database used for background checks & fraud prevention and it most likely has your data too.

    And those of your deceased ancestors (I checked). Check yourself, your family, your friends, etc. here. You just need full name, state, and year of birth. Sloppy data but pretty broad reach.

    https://npd.pentester.com/search
  • @ rfono I know of three credit bureaus most usually mentioned but are there two others?

    I have had a credit freeze for years. When I called the provider offering credit monitoring from one my many hacks, they said a credit freeze prevents them from monitoring your account.

    We have had our data hacked so many times I have lost count.
  • +1. New information.
  • edited August 24
    d
Sign In or Register to comment.