Hackers are attempting to sell what they claim are bank account details for 30 million Santander customers, with an asking price of $2 million.
Earlier this month, Santander confirmed that a data breach at a third-party provider had exposed some client and employee data. In a post on a hacking forum, the ShinyHunters group is offering a large cache of stolen information, which includes 30 million bank account details, 28 million credit card numbers, six million account numbers along with balances, and HR information related to the bank’s 200,000 employees.
The post also mentions, “Santander is also very welcome if they want to buy this data.” This week, ShinyHunters claimed responsibility for an attack on TicketMaster and have previously targeted telecommunications company AT&T.
Experts are urging caution regarding the TicketMaster incident, suggesting it may have been a publicity stunt for a new hacking forum following the takedown of the previous one by law enforcement.
In a statement regarding the breach two weeks ago, Santander indicated that access was gained to a bank database hosted by a third party, impacting operations in Spain, Chile, and Uruguay. The bank emphasized that “no transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank’s operations and systems are not affected, so customers can continue to transact securely.”