Crisis struck: Lessons learned from the Patelco and CrowdStrike crises

Imagine waking up one morning and finding you can’t access your money. This nightmare became a reality for half a million members of Patelco Credit Union on June 29, when the Dublin, CA-based credit union—one of the largest in the Bay Area and the country—was hit by a crippling ransomware attack. For more than two weeks, members were left without electronic access to their funds and online transaction capabilities, including direct deposits.

This incident has sent shockwaves through the financial industry, highlighting the lurking threat of cyberattacks and raising crucial questions about preparedness and customer trust. While there are a lot of bad actors out there, is your credit union acting poorly when it comes to preparation? Will your members leave as a result? This should be of upmost concern for your credit union’s reputation.

In response to the attack, Patelco members have filed a class-action lawsuit against the credit union, claiming the organization failed to properly manage member information in relation to data security. The lawsuit also alleges Patelco did not conduct regular security testing or adequately train its employees, raising concerns about whether the credit union did enough to mitigate potential disruptions and ease the aftermath of the unexpected.

The incident underscores the importance of crisis communication planning. If a similar attack were to hit your credit union, would you be prepared?

You’ve been CrowdStruck

On a more up-and-up front, when a CrowdStrike security software update knocked 8.5 million PCs offline last month, the situation gave Microsoft a ready perpetrator to point to when things when awry globally. While CrowdStrike quickly identified and deployed a fix for the issue, the roll-out paralyzed operations across various sectors.

What would happen in your credit union if a vendor disruption affected members who rely on your product or service? If the only plan you have in place is to hold your vendors as scapegoats and stand behind your own good reputation…THIS IS NOT ENOUGH.

Microsoft’s proactive communication highlights the importance of managing vendor relationships and having a clear response plan. The company began posting communication updates on its own forums about communicating with CrowdStrike and external developers, to collect information and expedite solutions for its customers.

As an expert on reputation management, ReputationUs recognizes that different industries have different considerations. However, there is one clear standard: Not only is it irresponsible to simply point a finger at a problem—it’s unacceptable.

Credit unions need strong crisis-response strategies to maintain trust and protect their reputations. Testing your credit union’s ability to handle disruptions is crucial. If you haven’t prepared, it’s time to develop a solid plan. Have you run simulations to identify key vulnerabilities and communication strategies? If not, DO IT! Instead of blaming others, having a responsible, executable plan helps secure your credit union’s good reputation for the long-term.