Hackers are trying to sell what they say is confidential information belonging to millions of Santander employees and customers.
They belong to the same gang this week Claims to have hacked Ticketmaster.
The bank, which has 200,000 employees worldwide, including about 20,000 in the UK, has confirmed that data was stolen.
Santander has apologized “for the concern this will cause”, adding that it is “proactively contacting affected customers and employees directly”.
“Following an investigation, we have now confirmed that certain information has been obtained regarding Santander customers in Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group,” the company said in a statement. Statement released earlier this month.
“The repository did not contain transaction data, nor did it contain any credentials that would have allowed transactions to be made on the account, including online banking details and passwords.”
The company said its banking systems were not affected, so customers could continue to “transact securely.”
In a post on a hacker forum (first discovered by researchers at Dark Web Informer), the group calling themselves ShinyHunters posted an advertisement saying they had data including:
- Bank account details of 30 million people
- 6 million accounts and balances
- 28 million credit card numbers
- Employee Human Resources Information
Santander has not yet commented on the accuracy of these claims.
ShinyHunters has previously sold data confirmed to have been stolen from US telecommunications company AT&T.
The group also sold large amounts of private data allegedly from Ticketmaster.
The Australian government said it was working with Ticketmaster to resolve the issue. The FBI also offered to assist.
Some experts say ShinyHunters’ claims should be treated with caution because they could be a publicity stunt.
However, researchers at cybersecurity firm Hudson Rock claim that the Santander data breach and the apparent Ticketmaster incident are related to a major ongoing hack at a large cloud storage company called Snowflake.
Hudson Rock said it has spoken with the perpetrators of the Snowflake hack, who claim they gained access to its internal systems by stealing the login details of Snowflake employees.
Snowflake said in a statement on Friday that it was aware that a “limited number” of customer accounts “may have been subject to unauthorized access.”
The hackers appear to have used login credentials to access simulated accounts owned by former Snowflake employees.
The account “does not contain sensitive information,” the company said.
“We have no evidence that this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s products,” it added.
