Santander has confirmed a significant data breach impacting its global operations. The bank, which employs 200,000 people worldwide, including around 20,000 in the UK, announced that data had been stolen, though it assured UK customers that their data was not affected.

Apology and Customer Assurance

In a statement, Santander apologised for "the concern this will understandably cause" and assured customers that it is "proactively contacting affected customers and employees directly." The bank emphasized that no transactional data or online banking credentials were compromised, allowing customers to continue transacting securely.

Details of the Breach

Santander revealed that the breach impacted customer data from Santander Chile, Spain, and Uruguay. Additionally, the data of all current and some former employees of the group were accessed. The stolen information did not include transactional data or credentials that could enable transactions on accounts.

Hackers' Claims

A hacking group known as ShinyHunters has claimed responsibility for the breach. In a post on a hacking forum, the group advertised that they had obtained:

  • 30 million people's bank account details
  • 6 million account numbers and balances
  • 28 million credit card numbers
  • HR information for staff

Santander has not verified the accuracy of these claims.

Previous Incidents and Broader Implications

ShinyHunters have a history of selling stolen data, including confirmed breaches from US telecom firm AT&T. They also claim to possess significant amounts of private data from Ticketmaster, a breach currently being addressed by the Australian government with assistance from the FBI.

Potential Link to Snowflake Hack

Cyber-security company Hudson Rock suggests the Santander breach and the Ticketmaster incident may be linked to a larger hack involving the cloud storage company Snowflake. According to Hudson Rock, the hackers accessed Snowflake’s internal systems by stealing login details from a former Snowflake employee.

Snowflake's Response

Snowflake acknowledged "potentially unauthorised access" to a "limited number" of customer accounts. The company clarified that the hackers accessed a demo account that did not contain sensitive data and stated there was no evidence of a vulnerability, misconfiguration, or breach in Snowflake’s product.

While the full scope and accuracy of the data breach claims by ShinyHunters are still under investigation, the incident underscores the ongoing risks and complexities associated with data security in large multinational organisations. Both Santander and Snowflake are taking steps to address and mitigate the impacts of these breaches.