Santander cyber hack places 30m financial institution accounts liable to darkish net sale

  • Dark Web Informer say millions of customer details are up for sale  

Millions of bank account details could be at risk of sale to online criminals after Santander became the target of a cyber attack by hacking group ShinyHunters.

Last month’s hack, which preceded a similar attack on Ticketmaster, has led to data relating to all of the European lender’s 210,000 staff, as well as millions of its customers, being compromised.

Now researchers at Dark Web Informer have warned ShinyHunters are advertising that data for sale on the dark web.

Santander said it was ‘aware of an unauthorised access to a Santander database hosted by a third-party provider’

The data for sale, according to Dark Web Informer, includes 30million people’s bank account details, six million account numbers and balances, 28 million credit card numbers, and HR staff info.

The researchers also allege that ShinyHunters are selling access to Santander’s database for $2million (£1.6 million) to a ‘one time’ buyer – even noting that Santander is ‘also very welcome’ to buy the data itself.

Whose data could be at risk?

The bank has yet to comment on the accuracy of these claims, but on 14 May acknowledged it was ‘aware of an unauthorised access to a Santander database hosted by a third-party provider’.

Santander said it had ‘immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers’.

The bank’s investigation found that ‘certain information’ relating to customers of Santander Chile, Spain and Uruguay had been accessed.

Meanwhile ‘all current’ staff, some 20,000 of whom are in the UK, and ‘some’ former employees are affected.

I’m a UK Santander customer, or current or former employee – should I take any action?

Santander assured customers that the affected database contained ‘no transactional data, nor any credentials that would allow transactions to take place on accounts…including online banking details and passwords’.

It added: ‘The bank’s operations and systems are not affected, so customers can continue to transact securely

‘We have also notified regulators and law enforcement and will continue to work closely with them.’

The bank apologised for any concerns this may have caused and said it would ‘proactively’ contact affected customers and employees directly.

While this could apply to current and former staff, no UK customers are affected.

The growing cyber hack risk

The Santander cyber hack is another demonstration of the growing threat posed by online criminals to both businesses and consumers.

Reports last week suggested ShinyHunters are demanding a £400,000 ransom from Ticketmaster to prevent its data being sold on the dark web – though the online ticket seller did not acknowledge the breach publicly.

Recent UK corporate targets of cyber attacks include vet group CVS in April, law firm IT provider CTS in November and outsourcing giant Capita in late 2023.

Susannah Streeter, head of money and markets at Hargreaves Lansdown, said: ‘Although [Santander’s] UK customer details were not accessed in the breach, it’s shone the spotlight on the reputational damage companies can suffer through such attacks.

‘Millions of bank account details were accessed – although passwords and other credentials were not in the breached database.

‘Santander has moved to reassure customers that transactions are secure, to try and limit the fallout. 

‘Nevertheless, for financial institutions, even smaller breaches can significantly knock customer confidence, which is a risk in the competitive banking arena.’