Hackers Hit Santander Bank
June 12, 2024
The BBC reports that hackers are selling confidential information belonging to millions of customers and staff of Spain-based Santander Bank. The data was stolen in a cyberattack that the bank has acknowledged. All 200,000 employees were affected, along with customers from Chile, Spain, and Uruguay.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords,” said the bank. It claimed that customers worldwide could continue to transact bank business securely.
A post on a hacking forum offered the data for sale and identified the perpetrators as ShinyHunters, the same group that recently stole data from AT&T and Ticketmaster.
The breaches exploited information accessed when the login details of a staff member of the large cloud storage company, Snowflake, were stolen. The Australian government is working with Ticketmaster to address its issues. The FBI has offered to assist.
Sources other than the BBC say that ShinyHunters offered the Santander Bank a chance to buy back the data for $2 million, then demanded a half-million dollar ransom to prevent its sale on the dark web.
The bank declined both offers because the hackers are now offering information for sale, including 30 million people’s bank account details, 6 million account numbers and balances, 28 million credit card numbers, and human resources information for bank staff.
Santander has not commented on the validity of the hackers’ claims. It apologized for what it says is “the concern this will understandably cause” and says it is “proactively contacting affected customers and employees directly.”
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.