Confidential information including bank and credit card numbers of millions of Santander customers is being auctioned to the highest bidder by hackers. The group, ShinyHunters has posted an advert on a hacker forum offering the stolen data for $2 million (£1.6 million). The breach also includes staff HR details. ShinyHunters is the same group that claims to have previously hacked Ticketmaster.
Also Read: Samsung Union Calls First-Ever Strike After Pay Negotiations
Santander, which employs approximately 200,000 people globally including about 20,000 in the UK, confirmed the hacking incident two weeks ago.
In a statement issued on 14 May, the bank disclosed that certain information relating to customers in Santander Chile, Spain, and Uruguay as well as data pertaining to all current and some former employees of the group.
The bank assured that customer data in other markets and businesses remained unaffected. It also clarified that no transactional data or credentials that could enable transactions on accounts were included in the compromised database.
This includes online banking details and passwords. Santander stated that its banking systems were not affected allowing customers to continue transacting securely.
The bank apologized for the concern this will understandably cause and mentioned that it was contacting affected customers and employees directly.
Santander confirmed that it had implemented measures to contain the incident immediately upon discovering the unauthorized access to a database hosted by a third-party provider.
According to ShinyHunters’ Claims, the Stolen Data Comprises:
- Information on 30 million customers
- 6 million account numbers and balances
- 28 million credit card numbers
Santander has not verified the accuracy of these claims. A source with knowledge of the compromised data suggested that the figure of 30 million accounts might be an overestimation.
ShinyHunters has a history of high-profile cyberattacks. The group claims to have hacked Ticketmaster, compromising the personal details of more than 500 million customers. This includes names, addresses, phone numbers, and partial payment details of 560 million customers.
Authorities in Australia and the US are currently engaging with Ticketmaster to understand and respond to the incident.
ShinyHunters is reportedly demanding a ransom of approximately £400,000 from Ticketmaster to prevent the data from being sold on the dark web. The group has also previously sold data stolen from US telecoms giant AT&T.
Also Read: Billionaire Larry Connor Plans Safe Titanic Submersible Expedition
The cyberattack on Santander highlights the cybersecurity threats faced by financial institutions globally. Western banks have experienced a surge in cyberattacks over the past two years, attributed to Russian hackers retaliating against sanctions placed on their country and banks following the invasion of Ukraine.
According to cybersecurity company Sophos, the number of ransomware attacks in the finance industry rose by 64 percent last year nearly doubling the levels seen in 2021.
One of the biggest cyberattacks on a bank occurred a decade ago when JPMorgan’s data on 83 million accounts including 76 million households and 7 million businesses was compromised.
Santander has apologized for the concern caused and is contacting affected customers and employees directly. The bank confirmed that no transactional data or credentials that would allow transactions to take place were included in the stolen data.
This means online banking details and passwords were not compromised. Banking systems were not affected ensuring that customers can continue to transact securely.
ShinyHunters is the group behind the recent hack of Ticketmaster. They have previously sold stolen data from US telecoms firm AT&T.
ShinyHunters Posted an Advert Claiming to have the Following Data:
- 30 million people’s bank account details
- 6 million account numbers and balances
- 28 million credit card numbers
- HR information for staff
- Sales: They are attempting to sell this data on the dark web.
Hudson Rock, a cybersecurity firm claims that the breaches at Santander and Ticketmaster are linked to an ongoing hack of a large cloud storage company, Snowflake.
Hackers gained access to Snowflake’s internal system by stealing login details from a Snowflake employee. The company acknowledged “potentially unauthorized access” to a “limited number” of customer accounts via a demo account owned by a former employee.
This demo account did not contain sensitive data. Snowflake addressed that there is no evidence suggesting the breach was due to any vulnerability, misconfiguration or breach of its product.
The breach affects up to 560 million Ticketmaster accounts. Includes full names, emails, addresses, phone numbers, hashed credit card numbers, and more.
Cybersecurity researchers including malware tracker vx-underground have asserted the legitimacy of the leaked data.
Also Read: Elon Musk’s xAI Raises $6 Billion to Compete with Open AI and AI Firms
