Hackers claim to possess confidential information belonging to millions of Santander customers and employees, and are attempting to sell it. The same group, ShinyHunters, is also responsible for the recent Ticketmaster hack.
Santander, a global bank with approximately 200,000 employees, including 20,000 in the UK, has confirmed the data breach. The bank apologized for the concern this incident may cause and is proactively contacting affected customers and employees.
The bank’s statement, released earlier this month, confirmed that hackers accessed information related to Santander Chile, Spain, and Uruguay customers, as well as current and some former Santander employees. However, the bank assured that no transactional data or credentials allowing transactions were compromised, including online banking details and passwords.
On a hacking forum, ShinyHunters claimed to have data such as 30 million people’s bank account details, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff. Santander has not verified these claims.
ShinyHunters has a history of selling stolen data, including data from US telecoms firm AT&T. The group is also selling what it claims to be a significant amount of private data from Ticketmaster. The Australian government and the FBI are involved in addressing the Ticketmaster issue.
Some experts advise caution regarding ShinyHunters’ claims, as they may be a publicity stunt. However, cyber-security company Hudson Rock claims that the Santander breach and the Ticketmaster one are linked to a major ongoing hack of a large cloud storage company, Snowflake.
Hudson Rock alleges that the hackers gained access to Snowflake’s internal system by stealing the login details of a Snowflake staff member. In response, Snowflake stated that it was aware of “potentially unauthorised access” to a “limited number” of customer accounts.
The company believes that hackers used login information to access a demo account owned by a former Snowflake employee, which “did not contain sensitive data.” Snowflake maintains that there is no evidence suggesting that this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product.