Santander Data Breach: Hackers Steal Sensitive Info of 30 Million Customers and Employees

Madrid, Madrid, Spain Spain
Approximately 30 million Santander customers and employees had their sensitive information stolen in a data breach.
Hackers gained unauthorized access to a customer database at Santander and are attempting to sell the stolen data online.
No transactional data or online banking details were stolen in the breach.
Santander has confirmed the breach and is proactively contacting affected customers and employees directly.
Stolen data includes bank account details, account numbers, balances for 30 million people, credit card numbers for 28 million people, and HR information for all Santander staff.
Santander Data Breach: Hackers Steal Sensitive Info of 30 Million Customers and Employees

In a major data breach, hackers have gained unauthorized access to a customer database at Santander, resulting in the theft of sensitive information belonging to approximately 30 million customers and all current and some former Santander employees. The stolen data includes bank account details, account numbers and balances for 30 million people, credit card numbers for 28 million people, and HR information for all Santander staff. The breach was first detected in early June 2024.

The hackers have taken responsibility for the breach and are attempting to sell the stolen data online. ShinyHunters, a hacking group known for previous data breaches including one at Ticketmaster, has claimed responsibility. The group is demanding $500,000 in ransom to prevent the information from being sold.

Santander has confirmed the breach and is proactively contacting affected customers and employees directly. No transactional data or online banking details were stolen in the breach, according to Santander's statement.

The news comes after a separate report that hackers gained access to a limited number of customer accounts at Snowflake by stealing the login details of a former Snowflake employee. That account did not contain sensitive data.

This is not the first time Santander has been targeted by hackers. In 2023, the bank suffered a ransomware attack that disrupted its operations for several days.

The incident serves as a reminder of the importance of cybersecurity and the need for organizations to take steps to protect their customers' data. It is also a warning to individuals to be vigilant about their online accounts and personal information.



Confidence

96%

Doubts
  • Is it confirmed that ShinyHunters are responsible for the breach?
  • What specific steps is Santander taking to protect customers' information in the future?

Sources

95%

  • Unique Points
    • Hackers are attempting to sell confidential information belonging to millions of Santander staff and customers.
    • The hacked data includes information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees.
    • No transactional data or online banking details were stolen in the breach.
    • Santander is proactively contacting affected customers and employees directly.
    • The hackers gained access to a limited number of customer accounts at Snowflake by stealing the login details of a former Snowflake employee. That account did not contain sensitive data.
  • Accuracy
    • Approximately 30 million Santander customers' data has been stolen by hackers.
    • The stolen data includes bank account details, account numbers and balances for 30 million people.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The article contains an appeal to authority and a potential dichotomous depiction. The appeal to authority is present when the author states that the FBI has offered to assist in investigating the hack on Ticketmaster. This statement is not necessary for conveying information about the hack and could be seen as an attempt to add credibility to the article's claims. Additionally, there may be a dichotomous depiction in how Joe Tidy presents ShinyHunters' claims: he mentions that some experts treat their claims with caution while others believe they are linked to a larger hack. This could create a false dichotomy, implying that one must either fully trust or completely disregard the claims made by ShinyHunters.
    • The FBI has also offered to assist.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

94%

  • Unique Points
    • Hackers have offered to sell stolen Santander customer and staff details
  • Accuracy
    • Approximately 30 million Santander customers' data has been stolen by hackers
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (0%)
    None Found At Time Of Publication

80%

  • Unique Points
    • . ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data.
    • The threat actor accessed data for employees and customers in Chile, Spain, and Uruguay.
    • ShinyHunters is asking for $2 million for the Santander Bank data, the same amount the bank reported was stolen.
    • The stolen data is claimed to contain personal information of 30 million customers and employees, 28 million credit card numbers, and 6 million account numbers and balances.
    • Santander's Q1 2024 financial report states only 19.5 million customers are in those countries.
    • The FBI seized BreachForums operated by ShinyHunters on May 15th, but the site was restored by the threat actor shortly after.
    • ShinyHunters has a history of selling valid data breaches in the past, such as AT&T's data in 2021 and later confirmed by the company.
  • Accuracy
    • ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers and employees.
    • The stolen data is claimed to contain personal information of 30 million customers and employees,
    • Santander’s Q1 2024 financial report states only 19.5 million customers are in those countries.
  • Deception (30%)
    The article contains selective reporting as the author only reports details that support the author's position about ShinyHunters selling Santander data. The author does not mention that Santander has denied the validity of this claim and that no confirmation of a breach has been made by an official source. The article also implies facts without providing links to peer-reviewed studies or retracted studies, such as the number of customers affected (30 million) which is different from Santander's financial report.
    • ShinyHunters is now claiming to sell the data for Santander customers in Chile, Spain, and Uruguay for $2 million
    • In 2021, Shiny Hunters claimed to be selling the stolen data of 73 million AT&T customers
    • The sales listing comes soon after the FBI seized BreachForums on May 15th
  • Fallacies (85%)
    The article contains an appeal to authority and inflammatory rhetoric. It also uses a dichotomous depiction of ShinyHunters' actions.
    • ShinyHunters is known for selling and leaking data from numerous companies over the years, including this week's alleged massive Ticketmaster data breach impacting 560 million people.
    • However, what makes these sales unusual is that both were first listed on the Russian-speaking Exploit hacking forum days before they were listed on the newly-restored BreachForums.
    • In 2021, Shiny Hunters claimed to be selling the stolen data of 73 million AT&T customers, which the company repeatedly denied to BleepingComputer.
  • Bias (95%)
    The author makes no explicit statements demonstrating bias towards or against any particular group or ideology. However, the author does use language that could be perceived as sensationalizing the situation by using phrases like 'massive trove of Santander data' and 'notorious online community trafficking in the sale and leaking of stolen data'. This could potentially be seen as an attempt to grab readers' attention or elicit a strong emotional response. Additionally, the author mentions that ShinyHunters has a reputation for selling valid data breaches in the past, which could be interpreted as implying that they are trustworthy or reliable when it comes to this type of information. However, it is important to note that this does not necessarily mean that the author holds a positive view of ShinyHunters or their actions. Overall, while there may be some subtle language choices that could be perceived as biased, there is no clear evidence of any overt bias in the article.
    • ]A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data[
      • ShinyHunters has a reputation for selling valid data breaches in the past
        • They're also the owner of BreachForums, a notorious online community trafficking in the sale and leaking of stolen data[
        • Site Conflicts Of Interest (100%)
          None Found At Time Of Publication
        • Author Conflicts Of Interest (100%)
          None Found At Time Of Publication

        97%

        • Unique Points
          • Approximately 30 million Santander customers’ data has been stolen by hackers.
          • Unauthorized access to a customer database at Santander was detected.
          • The stolen data includes bank account details, account numbers and balances for 30 million people, credit card numbers for 28 million people, and HR information for all Santander staff.
        • Accuracy
          • ShinyHunters, the hacking group responsible for a recent Ticketmaster breach, claimed responsibility for the Santander hack.
        • Deception (100%)
          None Found At Time Of Publication
        • Fallacies (95%)
          The author is reporting facts and does not make any fallacious statements. However, there are a few instances of inflammatory rhetoric used in the article such as 'hacked', 'stolen' and 'unauthorised access'. These words may create an emotional response but do not actually change the facts presented. Therefore, I cannot deduct too many points for this.
          • Santander has confirmed that hackers have stolen the bank data of approximately 30 million customers.
          • The hackers have claimed to be in possession of 30 million people’s bank account details, 6 million account numbers and balances, 28 million credit card numbers and the HR information for all Santander staff.
        • Bias (100%)
          None Found At Time Of Publication
        • Site Conflicts Of Interest (100%)
          None Found At Time Of Publication
        • Author Conflicts Of Interest (100%)
          None Found At Time Of Publication