Hackers claim to be selling confidential information belonging to millions of Santander staff and customers, alleging they are part of the same group that recently targeted Ticketmaster.
Santander, employing 200,000 people globally, including around 20,000 in the UK, confirmed a data breach. The bank has apologized for the “concern this will understandably cause” and is “proactively contacting affected customers and employees directly.” Santander assured the BBC that UK customer data was not compromised.
“After an investigation, we confirmed that certain information related to customers in Chile, Spain, and Uruguay, as well as all current and some former employees, had been accessed,” the bank stated. They emphasized that no transactional data or credentials enabling account transactions, including online banking details and passwords, were compromised. The bank’s systems remain secure for customer transactions.
The hacking group ShinyHunters posted on a hacking forum, as identified by Dark Web Informer researchers, claiming to possess:
- Bank account details of 30 million people
- 6 million account numbers and balances
- 28 million credit card numbers
- HR information for staff
Santander has not verified these claims.
ShinyHunters have a history of selling stolen data, including data from confirmed breaches at US telecom firm AT&T. They are also selling what is purported to be a vast amount of private data from Ticketmaster. The Australian government is collaborating with Ticketmaster to address the issue, and the FBI has offered assistance.
Some experts caution that ShinyHunters’ claims may be exaggerated or a publicity stunt. However, cybersecurity firm Hudson Rock suggests that the Santander and Ticketmaster breaches might be connected to a larger ongoing hack of the cloud storage company Snowflake. According to Hudson Rock, hackers accessed Snowflake’s internal system by stealing a staff member’s login details.
Snowflake acknowledged “potentially unauthorized access” to a “limited number” of customer accounts, stating that hackers used login information to access a demo account of a former employee. This account did not contain sensitive data, and Snowflake reported no evidence of any vulnerability, misconfiguration, or breach of their product.