Hackers Offer To Sell Hacked Data On Santander Customers, Staff

Matthew Broersma,
Linkedin
hacker hacking security data

Hacking group posts advert to sell customer, staff data allegedly stolen from Santander after bank acknowledges hack in May

A hacking group claims to be selling sensitive information on tens of millions of Santander customers and staff following a hack in May.

The group, called ShinyHunters, is the same that claimed to have hacked Ticketmaster last week.

In a post on a hacking forum, first noticed by Dark Web Informer, the group said it was selling bank account details for 30 million people, 6 million account numbers and balances, 28 million credit card numbers, and HR information for Santander staff, for an asking price of $2 million (£1.6m).

“Santander is also very welcome if they want to buy this data,” the group wrote in its online advert.

The Tech Of Crime Part 2: Policing And Data

Santander hack

The bank last month acknowledged that it was hacked, but has not given details of what was accessed.

The bank declined to comment on the accuracy of the hackers’ claims.

In mid-May the bank said it had confirmed information related to customers in Chile, Spain and Uraguay, as well as “all current and some former Santander employees” had been hacked.

“Customer data in all other Santander markets and businesses are not affected,” the bank said at the time.

It apologised for “the concern this will understandably cause” and said it was “proactively contacting affected customers and employees directly”.

Stolen data

Santander said no transactional data or credentials were contained in the affected database, adding that its banking systems were unaffected and that customers could continue to “transact securely”.

ShinyHunters is also selling data it claims was stolen from Ticketmaster and has previously sold data confirmed to have been stolen from AT&T.