Patelco Credit Union made two major moves in recent days to contend with the fallout of a weeks-long cybersecurity breach last year that led to banking outages impacting nearly 500,000 customers.
The Dublin-based credit union agreed to settle a class-action lawsuit last week that was brought forth by impacted customers shortly after the data breach that resulted in systemwide outages last summer. The legal move came days after announcing a new auditing executive.
Patelco officials confirmed the appointment of Ricardo Araujo as the credit union’s chief audit executive June 6, putting him at the helm of an internal auditing team that has been bolstered in recent months after Patelco agreed to a cease and desist order from the state over “unsafe and unsound practices” that were revealed by investigations into last summer’s cyberattack.
“I’m joining Patelco at a pivotal time in the organization’s trajectory,” Araujo said in the press release. “Continuing the strong progress within the internal audit organization and with business groups throughout Patelco will bolster its risk management and security technology systems and protocols.”
The consent order Patelco agreed to from the state Commissioner of Financial Protection and Innovation earlier this year – which did not require the credit union to admit or deny any wrongdoing – included a $100,000 fee and an agreement to bolster the company’s auditing and cyber security risk analysis teams.
Araujo’s role is set to include leading the credit union’s internal audit operations and working alongside its chief risk officer – Mani Massoomi, who was hired to the new position in March – to bolster Patelco’s auditing processes and “safeguard the integrity of the company’s operations”.
“Ricardo has a strong track record in reducing corporate risk exposure and fostering a strong culture of risk management,” Patelco CEO Erin Mendez said in the company’s press release. “We are confident that his vision and experience will play a key role in advancing our internal audit function and supporting the long-term success of our organization as a solid foundation for our members.”
Days later, Patelco made another stride toward contending with the aftermath of last summer’s cyberattack, with a judge tentatively ruling in favor of a preliminary approval of a $7.25 million settlement agreement in a class-action lawsuit with 12 named plaintiffs in Alameda County Superior Court on June 9.
The settlement agreement also does not require any denial or admission of wrongdoing on Patelco’s part. The lawsuit was first brought forth July 2, 2024, days after the cybersecurity attack was discovered by Patelco and at the start of its ensuing outages.
Meanwhile in federal court, attorneys for Patelco are seeking a motion to dismiss in a lawsuitfrom married couple Mae Aquino and Donte Brown Jr., who allege that they were hit with $14,373 in fraudulent charges days into the cybersecurity attack and outage last summer.
A hearing on that motion is set for Aug. 12 at 2 p.m. Pending the judge’s decision on the motion to dismiss, the case is set for a jury trial in January 2027.
