Santander’s cyber hack puts 30 million bank accounts at risk through sales on the dark web

  • Dark Web Informer says data on millions of customers is for sale



Millions of bank account details are at risk of being sold to online criminals after Santander became the target of a cyber attack by hacking group ShinyHunters.

Last month’s hack, which preceded a similar attack on Ticketmaster, resulted in data belonging to all of the European lender’s 210,000 employees, as well as millions of customers, being compromised.

Now, researchers at Dark Web Informer have warned that ShinyHunters are advertising data for sale on the dark web.

Santander said it was aware of unauthorized access to a Santander database hosted by a third-party provider.

According to Dark Web Informer, the data for sale includes the bank account information of 30 million people, six million account numbers and balances, 28 million credit card numbers, and HR personnel information.

The researchers also claim that ShinyHunters is selling access to Santander’s database for $2 million (£1.6 million) to a ‘one-off’ buyer – even noting that Santander is ‘also very welcome’ to buy the data itself.

Whose data could be at risk?

The bank has not yet commented on the veracity of these claims, but acknowledged on May 14 that it was “aware of unauthorized access to a Santander database hosted by a third-party provider.”

Santander said it had “immediately implemented measures to contain the incident, including blocking the compromised access to the database and putting in place additional fraud prevention controls to protect affected customers.”

The bank’s investigation found that “certain information” relating to customers of Santander Chile, Spain and Uruguay had been accessed.

Meanwhile, ‘all current’ staff, including around 20,000 in Britain, and ‘some’ former employees are affected.

I am a Santander customer in the UK, or current or former employee. Do I need to take action?

Santander assured customers that the affected database “did not contain any transaction data, nor any login details allowing transactions to be made on accounts… including online banking data and passwords.”

It added: ‘The bank’s operations and systems are unaffected, ensuring customers can continue to transact safely.’

“We have also notified regulators and law enforcement agencies and will continue to work closely with them.”

The bank apologized for any concerns this may have caused and said it would ‘proactively’ contact affected customers and employees directly.

While this could apply to current and former staff, no UK customers are affected.

The growing risk of cyber hacks


Santander’s cyber hack is yet another demonstration of the growing threat that online criminals pose to both businesses and consumers.

Reports last week suggested ShinyHunters are demanding a £400,000 ransom from Ticketmaster to stop their details being sold on the dark web – although the online ticket seller has not publicly acknowledged the breach.

Recent UK corporate targets of cyber attacks include veterinary group CVS in April, law firm IT supplier CTS in November and outsourcing giant Capita in late 2023.

Susannah Streeter, head of money and markets at Hargreaves Lansdown, said: “Although [Santander’s] breach did not use UK customer data, it puts a spotlight on the reputational damage companies can suffer from such attacks.

‘Millions of bank account details were accessed, although passwords and other login details were not in the hacked database.

‘Santander has taken steps to reassure customers that transactions are safe, to try to limit the impact.

“Nevertheless, for financial institutions, even smaller breaches can significantly damage customer confidence, which is a risk in the competitive banking arena.”
