Santander hit by cyberattack: Staff and clients have information stolen
- Have YOU been affected? Email [email protected]
Hackers are attempting to sell personal data of all Santander staff and up to 30 million customers in the latest reported theft by cybercrime gangs.
A group calling themselves the ShinyHunters posted an advert on the dark web claiming to have information including HR personal data, bank account details, credit card numbers and account balances.
The group this week also claimed responsibility for a hack of Ticketmaster.
Santander, which employs 20,000 people in the UK and a total of 200,000 worldwide, has confirmed the data has been stolen.
The bank has apologised for ‘the concern this will understandably cause’ and said it is currently in the process of contacting affected customers and employees.
ShinyHunters posted on the dark web claiming to have access to data including 30 million people’s bank account information, 28 million credit card numbers and six million account numbers and balances, the BBC reports.
A group calling themselves the ShinyHunters posted an advert on the dark web claiming to have information including HR personal data, bank account details, credit card numbers and account balances
The hacking group has previously sold data confirmed to have been stolen from US telecoms firm AT&T, and says it is also selling a large amount of data relating to Ticketmaster.
But some experts have warned to be cautious of the claims, as they may be a publicity stunt.
In a statement posted earlier this month, a spokesperson for Santander said: ‘We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.
‘We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers.
‘Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.
‘No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank’s operations and systems are not affected, so customers can continue to transact securely.
‘The bank’s operations and systems are not affected, so customers can continue to transact securely.
‘We apologise for the concern this will understandably cause and are proactively contacting affected customers and employees directly. We have also notified regulators and law enforcement and will continue to work closely with them.’