Patelco has sought help from a third-party cybersecurity firm to investigate the data breach. It is unclear how many union members were affected and how long it will take before systems are fully restored.
“When I talked to people on the phone, because I called their customer service line, they weren’t able to give me any sort of information regarding what my balance was,” said Alex Ellis, who’s banked with Patelco for years.
Ellis, who lives in Oregon with her husband, said her grandfather opened an account for her when she was a kid. But the stress she has experienced over the past few days could lead her to leave Patelco altogether, as the attack took place just before the beginning of the month, when payments like rent are typically due.
“We are very fortunate that our landlords seem to be working with us and [are] understanding of the situation,” she said. “I’m very interested to kind of see how they finish handling stuff, because it will definitely help determine what I end up deciding to do in the future.”
Ransomware attacks typically target institutions, like schools, health care systems and local governments (like the City of Oakland), where large tranches of personal information are stored or where hackers presume the victim is willing to spend a lot of money to get the institution up and running again quickly.
Even KQED was hacked in 2018.
Ransomware incidents have been on the rise. In 2023, they went up by 68 percent, according to the ThreatDown State of Malware report published by Malwarebytes, a cybersecurity company based in Santa Clara.
Davis Hake, a San Francisco-based senior director of cybersecurity services at the Venable law firm and an adjunct professor in cyber risk management at UC Berkeley, is a leading author of early cybersecurity legislation in Congress. He shared his insights on the Patelco case with Rachael Myrow, senior editor of KQED’s Silicon Valley news desk.
Here’s an excerpt of their conversation, edited for clarity:
RACHAEL MYROW: Tell us more about ransomware attacks. How do they work exactly?
DAVIS HAKE: Adversaries will start with a phishing attack, which is an impersonation, to try and get someone through email to click on a link, which gives them access to the account. The adversaries then work through low-level attacks to escalate their ability to get closer and closer to critical parts of a business. And then, once they’re there, they’ll deploy malware, which locks down a system.
It’s a type of attack that locks down critical parts of a business. And what attackers were really trying to do here is they’re trying to put pressure on the business to pay an extortion in order to restore services. Unfortunately, we’ve seen these types of attacks become more popular among criminals. Folks may remember the “NotPetya” ransomware attacks of 2017. After that time period, these types of attacks started growing in success. And over the pandemic, when we saw a shift to work from home, as well as major disruptions to health care systems, these attacks really took off and have been a major issue since.
Financial institutions know they’re big targets for hackers. So, what processes do they have in place to prevent these attacks?
Security controls, such as multi-factor authentication, can help limit the adversary getting access to larger accounts. Having backups in place is critical, obviously, so you can restore without paying an extortion.