- author, Joe Diddy
- stock, Cyber reporter
Hackers are trying to sell confidential information belonging to millions of Santander employees and customers.
The bank – which employs 200,000 people worldwide – including around 20,000 in the UK – has confirmed the data breach.
Santander apologized for what it said was “understandably concern” and said it was “directly contacting affected customers and staff”.
“Following an investigation, we have now confirmed that certain information relating to Santander’s clients in Chile, Spain and Uruguay and the group’s current and some former Santander employees were accessed,” it said. A report released earlier this month.
“The database does not contain any transaction data, including online banking details and passwords, or any credentials that allow transactions to be made on accounts.”
It said its banking systems were not affected, so customers could continue “secure transactions”.
In a post on a hacking forum – first discovered by researchers at Dark Web Informer – a group calling themselves Shinehunters advertised that they had the data.
- Bank account details of 30 million people
- 6 million account numbers and balances
- 28 million credit card numbers
- HR information for employees
Santander did not comment on the accuracy of those claims.
ShinyHunters previously sold data that was confirmed to have been stolen from US telco AT&T.
The gang is selling a huge amount of personal data from Ticketmaster.
The Australian government says it is working with Ticketmaster to resolve the issue. The FBI has also stepped in to help.
Some experts have said that ShinyHunters’ claims should be treated with caution as they could be a publicity stunt.
However, researchers at cyber-security firm Hudson’s Rock say the Santander breach and the apparent Ticketmaster one are linked to a major hack of a major cloud storage company called Snowflake.
Hudson Rock says it has spoken with the perpetrators of the alleged Snowflake hack — who say they gained access to Snowflake’s internal system by stealing the login credentials of a Snowflake employee.
In a statement on Friday, Snowflake said it was aware of “potential unauthorized access” to a “limited number” of customer accounts.
It appears the hackers used login information to access a demo account owned by a former Snowflake employee.
The company said the account had “no critical data”.
“We have no evidence that this activity was caused by any vulnerability, misconfiguration or breach of Snowflake’s product,” it added.
“Total coffee junkie. Tv ninja. Unapologetic problem solver. Beer expert.”