Hackers are attempting to sell what they claim is confidential information belonging to millions of Santander staff and customers, with the same group claiming responsibility for hacking Ticketmaster earlier this week.
Santander, which employs 200,000 people worldwide, including around 20,000 in the UK, has confirmed that data has been stolen. The bank has apologized for the concern this has caused and is proactively contacting affected customers and employees directly.
The stolen data reportedly includes information on customers of Santander Chile, Spain, and Uruguay, as well as current and some former Santander employees. However, Santander has clarified that no transactional data or credentials allowing transactions to occur were included in the breach.
Despite the breach, Santander assured customers that its banking systems remain unaffected, allowing them to continue to transact securely.
The hacker group, known as ShinyHunters, posted an advertisement on a hacking forum claiming to have data on 30 million people’s bank account details, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff. Santander has not confirmed the accuracy of these claims.
ShinyHunters previously sold data stolen from US telecoms firm AT&T and is also selling what it claims is a large amount of private data from Ticketmaster. The Australian government and the FBI are both involved in addressing the Ticketmaster breach.
While some experts warn that ShinyHunters’ claims should be treated with caution as they may be a publicity stunt, cybersecurity company Hudson Rock claims that the Santander breach and the Ticketmaster breach are linked to a major hack of a large cloud storage company called Snowflake.
Hudson Rock says it has spoken to the alleged perpetrators of the Snowflake hack, who claim they gained access to its internal system by stealing the login details of a member of Snowflake staff. Snowflake, however, has stated that it is aware of potentially unauthorized access to a limited number of customer accounts and that no sensitive data was compromised.
Also Read, Pro-Palestinian Protesters Disrupt Brooklyn Museum
