Hackers from the group ShinyHunters are attempting to sell what they claim is confidential information belonging to millions of Santander staff and customers. This group, which recently claimed responsibility for hacking Ticketmaster, has now targeted the international banking giant. Santander, which employs 200,000 people worldwide, including around 20,000 in the UK, has confirmed that data has indeed been stolen.
Data Breach Confirmed
Santander has acknowledged the breach, stating that they understand the concern it causes. The bank is actively reaching out to affected customers and employees. Importantly, Santander emphasized that no UK customer data was compromised.
“After investigating, we confirmed that certain information related to customers in Chile, Spain, and Uruguay, as well as all current and some former employees of the group, has been accessed,” the bank stated. They assured that no transactional data or credentials, such as online banking details and passwords, were compromised, and their systems remain secure for customer transactions.
Hackers’ Claims and Potential Impact
ShinyHunters, in a post on a hacking forum discovered by Dark Web Informer researchers, claimed to possess:
– 30 million people’s bank account details
– 6 million account numbers and balances
– 28 million credit card numbers
– HR information for staff
Santander has not verified these claims. However, ShinyHunters has a history of selling stolen data, including from the US telecom firm AT&T. They are also claiming to sell a significant amount of private data from Ticketmaster.
Expert Opinions and Ongoing Investigations
While some experts caution that ShinyHunters’ claims might be exaggerated for publicity, researchers at the cybersecurity firm Hudson Rock believe the Santander and Ticketmaster breaches are linked to a larger hack of the cloud storage company Snowflake.
Hudson Rock claims to have communicated with the perpetrators, who allegedly accessed Snowflake’s internal system using stolen login details from a Snowflake employee. Snowflake confirmed “potentially unauthorized access” to a limited number of customer accounts through a demo account belonging to a former employee, which did not contain sensitive data.
“We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product,” the company stated, downplaying the potential severity.
Santander’s Response and Customer Assurance
Santander reiterated its apology for the concern caused by the breach and confirmed it is contacting affected individuals directly. The bank continues to work diligently to address the situation and secure its customers’ data.
Previous Incidents Involving ShinyHunters
ShinyHunters have a history of high-profile data breaches, previously affecting major companies like AT&T. Their claim to have accessed vast amounts of sensitive data from Ticketmaster has drawn attention from cybersecurity agencies and the FBI, which has offered assistance.
The Role of Snowflake in the Breach
The potential link to Snowflake, a major cloud storage provider, raises further concerns about cloud security. According to Hudson Rock, the breach at Snowflake allowed hackers to gather significant amounts of data, possibly facilitating the attacks on Santander and Ticketmaster.
Snowflake’s response to the breach emphasizes that the accessed account did not contain sensitive data and that there is no evidence of a vulnerability or misconfiguration in their systems. However, the incident highlights the importance of robust security measures and vigilance in protecting cloud-based data.
Future Security Measures
The Santander breach underscores the need for enhanced cybersecurity protocols, particularly for financial institutions handling sensitive customer information. As cyber threats evolve, banks and other companies must continually update their security practices to protect against increasingly sophisticated hacking attempts.
Cybersecurity experts recommend regular security audits, employee training on recognizing phishing attempts, and implementing advanced encryption methods to safeguard data. Additionally, collaboration between companies and cybersecurity agencies is crucial in detecting and responding to breaches promptly.
