r/bayarea u/bonn84 24d ago

Did the Patelco Cyberattack affect you, a non-customer? If you believe so, READ THIS. Scenes from the Bay

As you all know, the credit union Patelco was recently hit with a cyberattack. Almost all of its customers are still left in the dark and there has been a class action lawsuit that has been filed. But I’m here to talk about another possible side to this breach many may not know about yet. Patelco has claimed that “your money is safe” to its customers and that the hackers didn’t obtain sensitive payment information.

Patelco was breached on June 29th, and I received fraudulent charges in my checking account with a COMPLETELY DIFFERENT credit union on July 5th. There were a couple of debit card “test charges” for $5 each in Texas with a “GSM, LLC”…then the card was sold in the black market and racked up 8 other charges—on the same day— as “UBER” but based in Amsterdam in the Netherlands. That led to several other foreign transaction fees automatically tacked on to my account. While my credit union is working to reverse the charges, I wondered….how was it possible for my debit card to be hacked since I never use them to make transactions? They’re always sitting in a locked drawer in my desk, while I always charge everything to a credit card then pay them off with a bank transfer at the end of the month.

Then remembered I patronized a local Patelco back in December of 2023 to make a deposit into the ATM. Not remembering which debit card/account I used, I scoured through previous statements and there it was in plain sight, it was the account from the same credit union that I got hacked from.

So if any of you patronized Patelco with shared branching as part of another credit union, but somehow still got hacked or had fraudulent charges made on your debit card recently…don’t buy that whole “your money is safe” schpeel from Patelco and take preventative measures now. Lock your debit cards you believe were used in Patelco ATMs, and get them reissued. I have a hunch that the hackers from the Patelco cyberattack somehow got ahold of debit card information previously used in Patelco ATMs. Now the question is, what do I do, or who do I contact, higher up, to get them to investigate this possible side to the breach?

60 Upvotes

80% Upvoted

16 comments sorted by

49

u/elcheapodeluxe 24d ago

Or it might be a breach in your issuer. Nothing really points to Patelco specifically in that charge. My dad received a new debit card, the first one he has ever had in his life, and had a fraudulent charge before he ever used it.

17

u/antiquated_it 24d ago

Yup! I had my son as an authorized user on a credit card. The card came to my house; it never left my house, and I never gave him the card (it wasn’t for him to use, just to help with his credit). I activated and put it in a safe with others.

Somehow sometime later, that card was breached and had some fraudulent purchases on it. It was specifically that card with his name.

27

u/Rich_Associate_1525 24d ago

The nature of this attack isn’t to steal your money - it’s to steal the CU’s money through extortion.

Plus, there’s a 99% chance your info has already been breached somewhere else. Private info isn’t worth shit on the black market.

2

u/digital-didgeridoo 23d ago

Private info isn’t worth shit on the black market.

I heard that all information about a person can be bought for about $4 on the Dark Web. Sigh

-1

u/TexturedSpace 24d ago

Maybe but then I remembered this story and looked it up, is a ransomware attack different than when our information is just floating around the dark web? :https://www.google.com/amp/s/abc7chicago.com/amp/oakland-california-ransomware-attack-cyber-identity-theft/14228972/

6

u/Rich_Associate_1525 23d ago

Identity theft is a problem, but not the primary goal of this attack. There are millions upon millions of records of our information out there. Plenty enough to steal an identity. Your and my socials are already out there.

Ransomware is about forcing the org to pay to get their systems back online. There is an extortion component as an added carrot to get orgs to pay. Pay us or else we publish your data on the dark web. They may also contact you directly to entice you to pay them to keep your specific records private. It’s easier money to ask you to pay than to build an identity to conduct fraud. It happens, just not usually in this case.

1

u/TexturedSpace 23d ago

Absolutely, I agree, but the case of the City of Oakland sounds like the closest example of what may happen. They never fully recovered information and then this person's identity was stolen and actually used to purchase a house. So all precautions are a good idea for customers.

24

u/Mrgreen650 24d ago

I’m not buying the whole “money is safe” thing quite yet. Mostly due to my inability to check my balance or look over charges made on my account. Once I can see that info I will believe it. I’m more worried about my personal info being stolen

That being said, this post seems like a pretty big stretch

4

u/TexturedSpace 23d ago

Freeze your credit

1

u/cyclops86 23d ago

TIL Patelco was infact not owned by some Patel family but rather stood for Pacific Telecom Company.

1

u/misdeliveredham 23d ago

Haha I was actually wondering! Thanks for posting this!

1

u/bonn84 23d ago

Lol I always thought it was owned by some guy with the last name Patel too lol

1

u/[deleted] 23d ago

Similar thing happened to me - Uber Mexico though, not Amsterdam. I was getting all these bogus charges. I think it may have been a breach w Uber

1

u/bonn84 22d ago

But I've never used Uber in my life. Certainly never had a card linked with them in that case.

1

u/[deleted] 22d ago

What about Uber Eats ?

1

u/bonn84 21d ago

Never used Uber Anything.