Jun 03, 2024 10:23:00

Spanish bank Santander hacked, exposing personal information of 30 million people

Santander , a major Spanish banking group, has revealed that it was hacked by a hacker group called ShinyHunters, resulting in the personal information of up to 30 million customers and the personnel details of up to 200,000 staff members being leaked.

Statement
https://www.santander.com/en/stories/statement

Santander staff and '30 million' customers hacked

https://au.news.yahoo.com/santander-staff-30-million-customers-130639269.html

According to researchers at Dark Web Informer , the data stolen from Santander includes 'bank account details for 30 million customers,' '6 million account numbers and balance information,' '28 million credit card numbers,' and 'staff personnel information.'

The unauthorized access to Santander Bank was carried out by a hacking group known as 'ShinyHunters,' which also claims to have stolen the personal information of approximately 560 million people from Ticketmaster , a major ticket sales platform.

Hacker group 'ShinyHunters' claims to have 'stolen 560 million user data from Ticketmaster,' and experts warn of further cyber attacks - GIGAZINE

During the Ticketmaster hack, ShinyHunters sold the stolen data on hacking forums, but the data stolen from Santander is also being sold on the dark web for $2 million.

????Major Data For Sale????ShinyHunters is allegedly selling access to the Santander Bank database. Price: $2,000,000. One time buyer, #DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec

ShinyHunters claims the data contains 30 million customers, 6 million… pic.twitter.com/Ip7DwaxDtQ

— Dark Web Informer (@DarkWebInformer) May 30, 2024

Santander confirmed the data breach, saying, 'After investigations, the affected personal data include those of customers from Chile, Spain and Uruguay, as well as current and former employees of the Santander Group. However, they added, 'Transaction data and authentication information that allows transactions on accounts, such as online banking details and passwords, were not included in the databases that were hacked. Therefore, customers can continue to transact safely.'

Santander said, 'We apologise for any concern caused, and are in direct contact with affected customers and employees. We have also notified regulators and law enforcement agencies and will continue to work closely with them.' The bank also offered advice such as 'the bank will never ask you for a one-time password or your regular password' and 'if you receive a suspicious message, email or SMS, never open it and report it to your bank.'