Hackers claim to have millions of Santander employees’ and consumers’ private information, which they are trying to sell. They are members of the same gang who announced this week that they had compromised Ticketmaster. The bank, which has 200,000 employees globally, including about 20,000 in the UK, has acknowledged that data has been compromised. Santander has expressed regret for “the concern this will understandably cause” and disclosed that it will be “proactively contacting affected customers and employees directly.”
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed,” it stated in a statement released earlier this month. “No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.” It added that consumers may continue to “transact securely” because its financial systems remained unaffected.
Researchers at Dark Web Informer initially saw an advertisement from a group going by the name ShinyHunters on a hacker forum. The advertisement claimed to have data including
- 30 million people’s bank account details
- 6 million account numbers and balances
- 28 million credit card numbers
- HR information for staff
Santander has not addressed the veracity of such assertions. Data that has been proven to have been stolen from US telecom company AT&T has previously been sold by ShinyHunters. In addition, the group claims to be selling a substantial quantity of Ticketmaster customer information. To resolve the matter, the Australian government claims to be collaborating with Ticketmaster. Additionally, the FBI has offered to help. The statements made by ShinyHunters should be regarded cautiously, according to some experts, as they might be a PR gimmick.
Researchers at the cyber-security firm Hudson Rock, however, assert that there is a significant ongoing hack of a big cloud storage provider named Snowflake, which is connected to both the Santander breach and the purported Ticketmaster one. The culprits of the purported Snowflake hack, according to Hudson Rock, claim to have communicated with them and that they were able to enter the company’s internal network by obtaining the login credentials of a Snowflake employee.
Although Snowflake would not confirm this, it did inform customers on Friday that it was “investigating an increase in cyber threat activity targeting some of our customers’ accounts.” There may be a lot more victims if Snowflake is shown to be the origin of these ongoing hacking attempts.
