A criminal, wearing a mask removing a large gold coin from an open safe.

Santander Data Breach: 30 million Customers Affected

Santander Bank has recently become the focus of a major security issue. ShinyHunters, a group of threat actors, is said to have begun providing a large collection of sensitive bank data. This comes only two weeks after the bank revealed a data breach.

ShinyHunters has a reputation for selling and disclosing information from many different businesses. They are suspected of being behind this week’s big Ticketmaster data leak that affected 560 million customers.

Additionally, they control BreachForums, an infamous internet forum that traffics in stolen data and has withstood many takedowns by law authorities in recent years.

ShinyHunters recently took credit for a breach at the multinational banking behemoth Santander Bank. The $2 million hack exposed the personal information of nearly 30 million consumers. This incident affects customers of Santander Bank, which has 8,518 branches worldwide and serves clients in Uruguay, Chile, and Spain.

In line with the Santander statement:

Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.

ShinyHunters claims to have Santander customer data for sale on breach forums
ShinyHunters claims to have Santander customer data for sale on breach forums (BleepingComputer)

According to reports, the data contains the private information of 30 million clients and staff members. This number includes credit card numbers, bank account information, and even workplace records.

There is no independent verification for these claims. Although ShinyHunters included examples of the data in their selling listing, it is still unclear if this information relates to Santander.

Notably, only 19.5 million clients in the impacted nations are listed in Santander’s Q1 2024 financial report. This statistic contradicts the suspected cybercriminal’s allegation of 30 million.

Soon after the FBI took control of BreachForums on May 15, the sale listing became public. ShinyHunters and another man identified as Baphomet once ran BreachForums. ShinyHunters reports that police have taken custody of the administrator, Baphomet. They did, however, act quickly to move the BreachForums website from a backup domain to a new one.

In a setback for previous law enforcement operations, the infamous online marketplace BreachForums has reappeared. This comes after ShinyHunters successfully regained control of a seized domain, displaying their defiance of authority.

This bold action not only sees Breach Forums return to the dark web, but it also signals its relaunch on the clearnet, utilising the same domain that was previously seized.

In 2021, Shiny Hunters claimed to be selling stolen data from 73 million AT&T subscribers. AT&T continually refuted the allegations. However, in 2024, the data surfaced on a hacker forum. AT&T later verified that the breach occurred and that the data was valid.

The disclosure of sensitive financial information raises major concerns about identity theft, fraud, and other illegal activity. This incident highlights the ongoing risks that cybercriminals pose to financial institutions and their clients.

Despite Santander Bank’s response to the hack, users are recommended to keep an eye out for unusual activity on their accounts. Furthermore, risks can be reduced by implementing security measures such as two-factor authentication and regularly changing passwords.

At Phishing Tackle, we know all too well that security technology is often left incorrectly configured, demonstrated by our free Domain Spoofing Test which currently gets past around 50% of users security systems.

Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Have a look at our free Click-Prone® Test to find out how many of your staff are susceptible to a phishing attack and learn how you can reduce this number today.

Recent posts