Third-party database hack exposes bank account details of Santander's American employees
Santander Bank has reported a data breach affecting approximately 12,786 U.S. employees, according to the Maine Attorney General's office. The breach is attributed to the ShinyHunters hacking group, an international cybercriminal collective known for hacking and selling stolen data from multiple high-profile targets.
The breach occurred between late April and early May, with the affected data being that used for direct deposits. The bank immediately blocked access to the affected systems and is taking further action to protect its systems.
The ShinyHunters group claimed access to data belonging to 30 million Santander customers, but it's not yet possible to confirm their involvement in the breach, according to Aviral Verma, lead threat intelligence analyst at Securin.
The breach was from a third-party database, indicating that the attack vector was through a supplier or partner system rather than Santander's direct systems. This is not the first time Santander has been affected by a third-party database hack. Previously, customers in Chile, Uruguay, and Spain were also impacted.
The third-party database did not contain any transactional data or account credentials. The original poster associated with ShinyHunters is now "retired." The breach was discovered on May 10, having taken place on April 17.
Santander Bank plans to notify customers, employees, and regulators about the potential data breach. It remains unclear whether the impacted individuals are only U.S. employees or include others. The bank has warned thousands of U.S. employees about the potential data breach.
ShinyHunters, active since 2020, has been linked to other major breaches such as Allianz Life and Ticketmaster. The group is known for compromising third-party vendors' databases and selling the stolen data.
This news serves as a reminder for organisations to prioritise cybersecurity measures, especially when dealing with third-party vendors. Santander Bank, along with affected employees and customers, will continue to monitor the situation closely and take necessary actions to protect their information.
- The threat intelligence analyst at Securin, Aviral Verma, stated that it's not yet possible to confirm the ShinyHunters group's involvement in the Santander Bank data breach, despite their claim of access to data belonging to 30 million customers.
- Given the ShinyHunters group's previous actions, such as compromising third-party vendors' databases and selling the stolen data, this incident serves as a stark reminder for businesses to prioritize cybersecurity, particularly when working with third-party vendors.
- In light of the ongoing cybersecurity threats and the recent data breach, Santander Bank, along with affected employees and customers, will continue to closely monitor the situation and take necessary actions to protect their information using advanced technology and strengthened cybersecurity measures.
