Banco Santander reports of data breach impacting customers and employees

Banco Santander is reporting a data breach affecting customers and employees across multiple regions, including Santander Chile, Spain, and Uruguay. The compromised database was maintained by an external third-party provider.

Following the discovery of the breach, Santander blocked the unauthorized access and strengthening fraud prevention controls to safeguard affected individuals.

The breach exposed customer and employee data, although the bank claims that the compromised data did not include transactional details or login credentials that would enable transactions.

The bank confirms that its operations and systems remain secure, ensuring that customer transactions could continue safely.

Update - as of 31st of May 2024, the hackert group ShinyHunters has taken responsibility for the data breach at Santander, alleging they have obtained and are selling the personal information of 30 million customers. The group is selling the data to a single bidder for $2 million. The cyber threat news outlet Hackread reports having seen the data, confirming the breadth of the stolen information.

It's now suspected that the breach is executed through breaching Snowflake.

As of 20th of June 2024 Santander reports that the breached Snowflake database has compromised 12,000 employees' names, Social Security numbers, and bank account details. While Santander still claims that the affected database did not contain transactional information or online banking credentials, the hacker group ShinyHunters claims to have stolen 30 million bank account details and 28 million credit card numbers.

As of now, specific details such as the cause of the attack, the exact types of data exposed, and the number of affected individuals have not been disclosed.