Santander Data Breach: Hackers Attempt to Sell Stolen Customer and Staff Details for $2 Million

By Trisha Andrada

Jun 01, 2024 01:36 AM EDT

Santander, a Spanish bank, announced two weeks ago that several accounts had been hacked and stolen. Now, cybercriminals are trying to sell the compromised personal data of millions of customers and employees.

Hackers Try to Profit off Millions of Compromised Bank Accounts

According to the Financial Times, a gang known as ShinyHunters has advertised on a hacking site to sell the stolen data. "Santander is also very welcome if they want to buy this data," it states.

The gang offers 30 million client bank account details, 28 million credit card numbers, 6 million account balances, and personal information on employees.

An insider said the hackers' claims of 30 million accounts were exaggerated. However, Santander chose not to confirm the number of compromised accounts.

On May 14, Santander released a statement revealing that a third-party provider's database had been hacked. The financial institution said that all current and some past employees' personal information, as well as those of clients in Uruguay, Chile, and Spain, had been exposed.

At the time, the bank said that the database did not include any personally identifiable information, online banking details, passwords, or other credentials that would enable unauthorized activities on accounts. Additionally, it said that it was assisting law enforcement with their investigation into the intrusion and has informed regulators.

Are Hackers Getting Ready for Major Assault?

ShinyHunters is the same group that hacked Ticketmaster, which was reported this week. In the past, it has already sold data that was later determined to have been stolen from telecom giant AT&T.

Experts have warned that ShinyHunters' claims should be approached with caution as they might be a publicity gimmick.

In a report by BBC, cybersecurity experts at Hudson Rock have connected the Ticketmaster hack with the Santander breach. They suggest the two are part of a larger and ongoing attack on Snowflake, a major cloud storage competitor.