- author, Joe Teddy
- Role, Cyber reporter
The hackers are trying to sell what they say is confidential information belonging to millions of Santander employees and customers.
The bank – which employs 200,000 people worldwide, including about 20,000 people in the UK – confirmed that the data had been stolen.
Santander apologized for what it said was “the understandable concern this will cause”, adding that it was “proactively contacting customers and employees directly affected”.
“Following the investigation, we have now confirmed that some information relating to Santander clients Chile, Spain and Uruguay has been accessed, as well as all current employees and some former employees of the group,” she said in a statement. A statement published earlier this month.
“There is no transaction data, nor any credentials that would allow transactions to be made on the accounts in the database, including online banking details and passwords.”
It said its banking systems were not affected so customers could continue to transact “securely.”
In a post on a hacking forum — first discovered by researchers at Dark Web Informer — the group calling themselves ShinyHunters posted an ad saying they had data including…
- Bank account details of 30 million people
- 6 million account numbers and balances
- 28 million credit card numbers
- Human resources information for employees
Santander did not comment on the accuracy of those allegations.
ShinyHunters previously sold data confirmed to have been stolen from US telecommunications company AT&T.
The gang is also selling what it says is a huge amount of private data from Ticketmaster.
The Australian government says it is working with Ticketmaster to address this issue. The FBI also offered to help.
Some experts said ShinyHunters’ claims should be treated with caution, as they may be just a publicity stunt.
However, researchers at cybersecurity firm Hudson Rock claim that the Santander hack and the apparent Ticketmaster breach are linked to a major ongoing hack of a large cloud storage company called Snowflake.
Hudson Rock says it has spoken to the perpetrators of the alleged Snowflake hack – who claim they gained access to its internal system by stealing the login details of a Snowflake team member.
Snowflake said in a statement on Friday that it was aware of the “potential for unauthorized access” to a “limited number” of customer accounts.
It said it appeared the hackers used login information to access a demo account owned by a former Snowflake employee.
The company said that this account “does not contain sensitive data.”
“We have no evidence to suggest that this activity resulted from any security vulnerability, misconfiguration, or breach of the Snowflake product,” she added.