|
Getting your Trinity Audio player ready...
|
In addition to lingering system disruptions in the wake of a security breach that was identified more than a week ago, Dublin-based Patelco Credit Union is now facing legal challenges in the form of two lawsuits filed amid a system outage spurred by the cyberattack.
Patelco is the defendant in two separate class action lawsuits filed on July 1 and July 3, respectively. The timing of the civil cases falls just days after the credit union’s 450,000 customers lost access to e-banking services on June 29 before being notified of the breach on July 1 — online-based features remain down while branches are open with limited functionality.
Attorneys from the Oakland-based law firm Cole & Van Note filed the first complaint on behalf of plaintiff Eileen Poluck and “all others similarly situated,” which was first reported by broadcast news station KRON4 on Tuesday.
Meanwhile, attorneys at the San Diego law firm Wolf Haldenstein Adler Freeman & Herz had also filed a class action lawsuit on behalf of Livermore resident Josh Warren and “similarly situated” class members in the same federal court.
The crux of the allegations in both complaints is the credit union’s requirement for customers to provide a range of personally identifiable information including Social Security numbers addresses, and account information in order to use Patelco’s services, with customers having a reason to expect that information will be kept secure and private – something thrown into question by the recent security breach.
Attorneys in the Poluck case allege that Patelco “intentionally, willfully, recklessly and/or negligently” failed to take measures to ensure that customers’ personal information was kept secure, and that the credit union neglected to “follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data.”
“As a result, Representative Plaintiff’s and Class Members’ Private Information was compromised through disclosure to an unknown and unauthorized third party — an undoubtedly nefarious third party seeking to profit off this disclosure by defrauding Representative Plaintiff and Class Members in the future,” attorneys wrote in the Poluck complaint.
In addition, attorneys in both complaints point to the inconvenience and frustration brought on by both the cyberattack and the ensuing outage, with Patelco customers still facing intermittent outages and other obstacles and the credit union providing no timeline for when full services might be restored.
Attorneys for Poluck allege that she and other Patelco customers “suffered lost time, annoyance, interference and inconvenience as a result of the Data Breach and has anxiety and increased concerns for the loss of privacy, as well as anxiety over the impact of cybercriminals accessing, using and selling” her private information.
Warren’s case elaborates further on the inconveniences experienced by customers.
“Moreover, because of the Data Breach and resulting service outages stemming therefrom, Defendant has been encouraging Plaintiff and Class Members to travel to and from various Patelco ATM locations to withdraw or deposit their money thereby causing Plaintiff and Class Members to incur out-of-pocket travel expenses (including but not limited to gasoline/fuel expenses and wear and tear on their personal vehicles),” attorneys for Warren wrote.
Attorneys in both cases also allege that Patelco failed to address the cyberattack in a timely fashion, as well as withholding the reason for the outage from customers until a full day had passed and continuing to withhold details of the incident.
“Noticeably absent from the Notice Email are details of the root cause of the Data Breach, the vulnerabilities that were exploited, and the remedial measures that Patelco undertook to ensure such a breach does not happen again,” attorneys for Warren wrote. “To date, these critical facts have not been explained or clarified to Plaintiff or the Class Members, who have a vested interest in ensuring that their (personal identifying information) remains protected.”
Patelco posted another update on the situation late Tuesday, reiterating the message from their previous update on Sunday that their system was “stable” and progress was being made to restore services.
“I want to address the question many of you are asking about the date when systems will be up and operational with access to account information and online/mobile banking,” Patelco CEO Erin Mendez said in Tuesday’s update. “We recognize this is critical information to get to you as soon as possible. Although we don’t yet have a specific date to share with complete confidence, we are committed to sharing status updates along the way.”
Mendez added that the credit union was working to “catch up” in processing electronic and in-person transactions, with 50% anticipated to be complete by Wednesday and full completion expected by Friday.
“Once that happens, we will be able to confirm the date when you will be able to access your accounts,” Mendez said.
“We don’t take lightly the position our members are in and are committed to communicating with our members as we have further updates to share,” she added.
A case management conference for the Warren lawsuit is scheduled for Oct. 3, and one for the Poluck lawsuit is set for Oct. 16. Both cases are making their way through the U.S. District Court for the Northern District of California.
Draeger’s Market closing store in Blackhawk, cites ‘declining condition’ at plazaJanuary 9, 2026 4:37 pm
Tri-Valley residents protest, mourn after ICE officer fatally shoots mother in MinneapolisJanuary 11, 2026 8:23 pm